nice little article here
Is your copier spying on you?
Responsible business owners never leave the front door to their enterprise unlocked while unattended, nor would they hand out confidential passwords to strangers. But without realizing it, many may have already handed over their business keys to a potentially dangerous culprit: their digital copier.
Networked, multifunction “smart” copiers are a key component of many businesses simply because they can handle many tasks beyond copying — think of actions like printing, scanning, faxing, and emailing documents. The issue, however, is that digital copiers generally require hard disk drives to manage multiple incoming workloads and to increase the speed of production — and this can be a gateway to data theft.
The copier’s hard drive typically stores data about the documents it processes; while this is necessary to the device’s operation, it means that the data on the hard drive could be vulnerable to hackers, either by remote access or by extraction once the hard drive is removed. This is more than an inconvenience, since a company’s reputation may be at stake. And if the business processes sensitive information — including Social Security numbers, credit reports, account numbers, or health records — the enterprise may have legal obligations to protect the records.
An IT support services provider can take a number of steps to ensure that digital copiers connected to a company’s network are secure. One strategy is to use authentication at the device level, requiring a password, card swipe, biometric information, or other assurance before the device can be physically accessed.
A company may also wish to ask theirmanaged IT services partner about “pull printing.” It securely segregates the initiation and the release of a print job to minimize the possibility that a user will inadvertently leave restricted or classified documents next to the printer, where anyone can view them. This kind of situation often occurs when a user wants to print a job with a device that is located on a different floor or in a completely different building.
The pull-printing process itself is a kind of two-factor verification. An authorized user first initiates the job from a workstation or a mobile device. Then, before the destination digital printer executes the print command, the user must release it through one of three secure methods: an app or browser-based release, a badge or card reader, or an integrated app that is built into or installed directly onto the console of a supported digital printer.
As an additional precaution, business owners may utilize software-based print rules or restrictions to restrict access to selected printers and to create an audit trail to help determine the chain of events in the event of a breach. For example, the email “send to address” may be locked so it will only match the domain of the company where the copier is deployed which may reduce the chance of an unauthorized extraction.
These and other strategies — like reviewing and confirming there is no auto-BCC setup on the copier — can go a long way to securing digital copier data, but the threats do not stop there. Consider that as technology continues to evolve, businesses often lease digital copier equipment instead of buying it outright. That model is efficient but also raises a new set of challenges: the machine’s hard drive often contains reams of sensitive data that could be accessible to the next customer who acquires the device.
A business owner can try to guard against this kind of unauthorized access by setting their digital copier to automatically delete scans from the hard drive once a task is completed. It is a convenient approach, but it may not be as secure as an overwrite — also known as file wiping or shredding.
Simply deleting data or reformatting a hard drive does not alter or remove the data but instead alters the way the hard drive finds the data and combines it to make files. As a result, the data remains on the hard drive and may be recovered through a variety of utility software programs. In contrast, an overwrite essentially changes the values of the bits on the disk that make up a file by overwriting existing data with random characters. When the files are overwritten, the space that the file occupied and its traces are removed, and the file cannot be as easily reconstructed.
Digital copiers enable many businesses to operate more efficiently. But the sensitive data they store makes these time-saving devices a target for bad actors. When businesses take proactive security steps and work with a qualified Cyber Security consultant to reinforce their digital defenses, however, they improve the odds of deflecting the threats.
Carl Mazzanti is president of eMazzanti Technologies in Hoboken, NJ, providing IT consulting services for businesses ranging from home offices to multinational corporations.