Digital copiers: A serious risk to sensitive info
In the category of “one more thing to worry about,” comes this: Your digital copier may be putting your business, tax, personnel and other sensitive information at risk of being hacked by data thieves.
Where once the only risk posed by workplace photocopiers might be some surreptitious butt-scans by employees at the annual Christmas party, now some of the machines could cause business owners, employees and customers to lose sensitive information that thieves can use to wreck businesses and create personal and financial chaos for individuals.
Earlier this year, Sharp Document Solutions Co. of America issued a warning that digital photocopiers made in the last five years can store data of copied documents in an internal hard drive indefinitely.
While no major loss of data has been reported so far, there have been a few instances that should give businesses pause—not to mention individuals who may photocopy such info-rich documents as tax returns on unsecured copiers.
As a precaution, Sharp and other companies offer encryption software and security kits that, in effect, electronically shred documents, rather than saving them to the hard drive, says James Reasor, training manager at Charlotte Copy Data, parent company of Asheville Copy Data.
Businesses and individuals have only recently started to become savvy to the problem, Reasor tells Xpress. A survey conducted on behalf of Sharp a few years ago indicated that, of 1,005 adults surveyed, 54 percent were not aware that images of copies are stored on a copier’s hard drive.
“The first thing that everybody doesn’t realize is that the copier has a computer in it that’s just like the computer that you might have sitting on your desk,” explains Reasor. “It has a processor, a hard drive, it has RAM. It has all these things; the only thing it doesn’t have is a keyboard and a monitor. So, the same ways that someone can hack into your computer, theoretically they can do the same thing to your copier.”
In fact, he says, there was an instance on a college campus where students had rigged a hard drive on a copier to download music off the Web. “That’s how sophisticated some of this stuff is,” Reasor observes.
In addition to hacking, data can more readily be accessed when the machine is sold or is returned to a leasing agent and goes somewhere—including the local dump—where that information is still residing on the hard drive.
For example, he says, “We got one that got traded in on a lease and it turned out that [the company] had their entire payroll on it. Before we could even throw it in a Dumpster, we had to clear those hard drives. So we have a process now where when we get one in we go ahead and clear the hard drive just to verify that the information is no longer on there. … Customers just aren’t aware that they’ve left information on their hard drive.”
Most copier manufacturers now offer “Common Criteria Certification” security kits that can encrypt information so that it’s an unintelligible mess to anyone who tries to access it. Sharp has the best one currently, says Reasor, whose company sells and leases that brand along with a couple others with their own security add-ons. Reasor was unable to quote costs for such kits, but says they are reasonably priced. And it’s best not to assume that your IT staff is aware of the risks. Sharp’s survey indicated that even some IT pros were unaware of the risks.
Users can also set up copiers so that functions such as printing can be rerouted through a user’s computer or a secure server so that the images are not saved on the copier’s drive. And individuals who use copy shops should verify that anything they copy will be secure.
“The biggest thing is, if you ever let your copier leave your building, that you have made sure that you or someone who works for you has cleared the information off that hard drive,” Reasor says. “Personally, my recommendation is that someone go ahead and invest in those security kits.”
Here are some more tips to protect your network-attached copier:
• User authentication: Setting copiers to require passwords can keep nonemployees out.
• Permissions authentication: Copiers can be set to require passwords for certain applications, as a network-attached computer can be configured for the same.
• Document encryption: This can help protect sensitive or confidential information before it is sent across the network.
• Secure deletion of temporary files: Newer digital copiers store copied images on an internal hard drive. Setting the copier to delete these files can prevent unauthorized people from accessing sensitive information.
• Activity tracking: Copiers can be set to track what is being copied or sent, who is copying it, and when.
• Timed logout: The copier can be set to log users out when they’ve been inactive—preventing the next user from sending or storing documents under the previous user’s identity.
Capital infusion: The Blue Ridge Entrepreneurial Council will hold its 5th annual Carolina Connect conference at Asheville’s Grove Park Inn and Spa on Thursday, Oct. 11. The agenda is still being finalized, but past Carolina Connect conferences brought together Western North Carolina entrepreneurs with private-equity investors. Again this year, the focus will be on helping entrepreneurs get more private-investor capital, increase sales revenue and learn more about the process of partnering for research grants. For more details, call BREC at 273-9862, and visit www.brecnc.com for details as they become available.
Green business: AdvantageWest will hold its Advantage Innovation 2007: Environmental Related Enterprises conference Dec. 6-7 in Asheville. This interactive conference will focus on the recruitment and expansion of jobs and investment associated with environmental-related enterprises. Sessions will include environmental reclamation, green construction, environmental sciences, alternative/renewable energy and environmental conservation. For more details as they become available, contact AdvantageWest Executive Vice-President Scott Hamilton at email@example.com.