When it comes to your business security, the office photocopier may be the last thing that comes to mind. But today’s generation of machines are networked, multi-functioning devices that can print, copy, scan, fax and email. They hold a treasure trove of sensitive data—Social Security numbers, health records, account number and more that, in the wrong hands, can lead to identity theft and fraud. Also, copiers are often leased, returned and then re-leased or sold, putting businesses at a greater risk of a data breach.
Consider one company’s recent data security nightmare: The business returned its copier to a leasing company that failed to erase the machine’s memory before reselling it to a news organization. The news organization discovered the personally identifiable information of hundreds of individuals and produced a news story about the incident. The company faced a potential breach of federal privacy laws, but was able to recover from the incident with help from IDT911.
Businesses can protect themselves—and their company’s and customer’s sensitive and confidential data—by including copiers in their information security plan. Follow these tips to safeguard information:
1. Educate yourself and your employees about copier risks. Be aware of the information stored on the device and the risk if that data is stolen or the device is lost. Limit storage of sensitive private and corporate data on such devices.
2. Assign responsibility. Make sure copiers are managed and maintained by your company’s IT or information security team. Employees who secure company computers and servers also should secure the data contained in the copiers.
3. Research and use your copier’s security features or buy the extra security capabilities. Many copier companies—whether they sell or lease the copier—offer disk override or disk erase features that ensure each new document copy overrides the previous one. Some copiers have built-in data encryption capabilities that aren’t activated or used. Additionally, many copier companies sell such encryption capabilities for their copiers that may prove to be a good value.
4. Secure data before returning or disposing of copier. Review your options for securing the hard drive or internal memory with the copier manufacturer, dealer or servicing company. Some companies may handle data disposal for you. If returning to a leasing company, use easily available software to sanitize or “wipe clean” the hard drive and document the sanitization process.
5. Consider compliance responsibilities. Your business may be required to follow specific compliance obligations depending on the information it stores, transits and receives. Financial institutions, for example, must follow the Gramm-Leach-Bliley Safeguards Rule for protecting personal computer data that includes copiers. Make sure you’re aware of state, federal and international requirements.