Today, businesses are all too aware of the importance of protecting data. With the introduction of GDPR in May 2018, companies are going to be even more accountable for how they obtain, store, and use personal client data.
With regular stories in the media regarding data breaches at some of the world’s biggest and most well-known businesses, companies are ever more aware of the need to secure their business IT systems and devices including laptops, desktops, mobiles, and servers. However, did you know that the inconspicuous photocopier sitting in the corner of your office could be a data security issue?
Nearly every digital photocopier manufactured since 2002 contains a hard drive. Like the one in your computer, it stores an image of every document scanned, copied, or emailed by the machine. The photocopier hard drive is required in order to store and process the large amounts of data that are taken in by the device.
If you don’t take the appropriate steps to protect this data, it can be stolen from the hardware, either by remote access through your Wi-Fi or business network or by extracting the data from the hard drive once removed from the device.
Before you think “well, I never use a photocopier, so my data isn’t at risk”, think of all the businesses that do have access to your data – accountants, lawyers, doctors, banks… the list is never-ending, and if they don’t have processes in place, your data is at risk.
Examples of breaches
In 2010, a CBS investigation went to a warehouse in New Jersey which sold used photocopiers, to see what data could be extracted from the hard drives. One of the devices had 300 pages of individual medical records, from prescriptions to cancer diagnoses. Imagine what could happen if this information got into the wrong hands?
Companies that fail to wipe their photocopier’s hard drives can face huge fines.
In 2013, US company Affinity Health Plan paid $ 1.2 million to settle a breach that affected 344,557 individuals, whose data was on the hard drives of machines returned to their leasing company.
Many photocopiers in offices today are leased, meaning that at the end of the lease they are returned to the local dealer, to be sold to another company. The transient nature of photocopiers is what makes hard-drive security a considerable issue. Knowing what to do with your photocopier’s hard drive when you have finished with it is critical. Knowing what your supplier does with it is even more essential.
When equipment is returned to Sharp, we automatically, (unless the customer advises otherwise) wipe every machine’s hard drive to ensure all customer information is erased. This ensures that all your data remains confidential when we dispose of or re-sell the equipment.
Steps you can take to protect your copier’s hard drive
1. If you have chosen a second-hand photocopier, make sure the device has no data on it when it arrives. You don’t want to be responsible for having the confidential data of the previous owner stored on your device.
2. Implement a policy that ensures that you regularly delete or format any unnecessary information stored on your copier hard drives, perhaps on a monthly basis, to limit your liability for data breaches.
3. Limit users’ accessibility. Most companies don’t allow every user to have access to all company files and server folders, and your photocopier should be no different. You should implement protocols so that employees can’t access or re-print documents, that they wouldn’t have access to on their PC.
4. Turn on data encryption on your device. Most photocopiers today have the option to turn on data encryption, this refers to the use of data that can only be read by the software used by the photocopier. While this isn’t foolproof, it adds a level of security that will prevent someone from removing the hard drive and using the data.
5. If you own the photocopier outright, make sure that your IT team wipes the hard drive when you come to upgrade the device.
If you are concerned about your photocopier’s hard drive, why not get in touch with our team? We’ll be happy to talk you through the best steps for your business to ensure that your photocopier is not at risk of a data breach.