How secure is the hard drive on your office copier? Do you have a plan in place to secure it when it goes back to the dealer? How about if you sell it? Or better yet, are you able to segregate or protect files from disgruntled employees or just personnel who aren’t authorized to reprint or examine particular documents? Relying on common sense can get you a bit down the road, but a lot of businesses are turning to more robust solutions to protect their client information and ensure compliance with modern regulatory requirements. Copier hard drive security is a big deal and it’s time you re-evaluated your company policies to ensure you’re up to speed on best practices.
Most companies keep sensitive data on computers, including social security numbers, credit checks and reports, business plans and even health records and billing. While the need to protect computer data is somewhat obvious, a lot of this information is also stored on your office printers and copiers—trapped, as it were—in the local hard drive. More recently, the FTC has been cracking down and requiring that security measures and protocols also include these copier hard drives. That means your internal policies for security need to be updated—particularly when it comes to employee access. Just as not all your employees have access to the information stored on HR and administrator computers, employees must also be given access rights to materials available for retrieval on copiers and MFPs.
Fraud, identity theft, and corporate espionage are only some of the primary reasons given by the FTC for this need for additional controls. We’d have to agree.
Today’s copiers and MFPs are very much computerized, with large touch screen interfaces and memory, storage and output functions just like a PC. They are networked into your office, accept WiFi connections, and interact in ways very similar to a desktop or portable computer. Information flow is just as similar, with prints, copies, scans, faxes and emails passing through these machines on a scale never before imagined in the office. For these advanced copiers that exist in most businesses today, the use of a hard drive is almost a given in order to store and process the large amounts of data processed and passed by these machines.
The hard drive in a digital copier stores data about the documents it copies, prints, scans, faxes or emails. If you don’t take steps to protect that data, it can be stolen from the hard drive, either by remote access or by extracting the data once the drive has been removed.
Because MFPs and digital copiers are often leased, they can be returned to the local dealer for resale or re-lease to another company. If you bought your machine outright, you may end up selling it—or you may have purchased your current model used. This transient nature of copiers and MFPs is what makes hard drive security a very significant issue. Knowing what to do with your hard drive when you turn in, sell, or otherwise transfer a copier to another location (be it interoffice or to another company or building) is critical.
There are several key things you can do to secure your copier’s hard drive. I’ll outline several of those here:
Plan for data security when you get a new copier or MFP
Don’t just worry about your own data. Have a plan to erase the data of any incoming machines so that you’re not liable for any employee access to those files should the worst case scenario unfold. Format, securely when possible, the hard drives on any new machines the day they arrive (or the day your IT or network management department configures them). If your IT or network management team isn’t aware of modern security protocols and regulation, have them attend educational seminars and training to get them up to speed. Your IT department will need to manage your new products just like any other computer or network device in your organization.
Have a plan for your own machines on an ongoing basis
Don’t just format hard drives when you turn in copiers or exchange them for new models. You want to have a regular policy of deleting and formatting hard drives on a monthly basis to limit your liability for stolen or misappropriated information and data.
Create a managed access network for employees
Having a copier and/or MFP in a large office is a lot like letting employees read over the shoulder of the HR director or president. You need to restrict information. That often means creating protocols and implementing managed print servers to regulate and control access to machines and documents. It’s these protocols that ensure an employee can’t access or reprint documents they aren’t supposed to be privy to.
Have a plan for printer and copier disposal
When you do opt to trade in or sell your MFP or copier, have a solid plan to securely erase the internal hard drive. Many newer models come with an option for erasing hard drives with government-level security protocols—these include encryption and secure overwriting of existing data to zero them out. That may be something to look into with your current or future copier leases.
Hard Drive Encryption
When you hear about copier and hard drive encryption, it generally refers to storing data in a form that can only be read by the particular software used in the copier. None of this has proven to be unbreakable, but it is a great first step to ensure that your hard drive can’t be removed and used by just anybody. The data on these hard drives is more secure than on older models where you could access the native information quite easily.
Hard Drive Secure Erase
Systems that allow secure erasing of hard drives often use what’s known as zero-level formatting, where actual data is written over the existing data for all sectors on the hard drive. This effectively blanks out the current data by overwriting (wiping) it and then finally re-erasing it. Some systems offer overwriting as an ongoing activity that secures the hard drive after every few uses. Others offer it as a scheduled function that can occur at night when the machine is not being used, or as a weekly process. This is a great feature as it takes some of the burden off having to initiate a secure erase manually. If you have this feature you should run it, at a minimum, once every month.
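One way to check that a zero-overwrite really covered every sector before a machine goes back to the dealer, shown here as an added example that is not part of the original article or any copier vendor's tooling. It assumes IT can obtain a raw image of the drive, that sectors are 512 bytes, and that the wipe pattern is all zeros; the function names and the sample image are constructed for illustration.

```python
import io

SECTOR_SIZE = 512  # assumption: 512-byte logical sectors


def audit_zero_wipe(stream, sector_size=SECTOR_SIZE, max_report=10):
    """Scan a raw drive image and report sectors that still hold non-zero data."""
    zero = bytes(sector_size)
    total = residual = 0
    first_residual = []
    while True:
        block = stream.read(sector_size)
        if not block:
            break
        # A short final read is compared against a zero block of equal length.
        if block != zero[:len(block)]:
            residual += 1
            if len(first_residual) < max_report:
                first_residual.append(total)  # sector number of leftover data
        total += 1
    return {
        "sectors": total,
        "residual": residual,
        "first_residual": first_residual,
        # An empty image proves nothing, so it is never reported as clean.
        "clean": total > 0 and residual == 0,
    }


def build_sample_image(dirty=True):
    """Constructed sample: 64 zeroed sectors, optionally with two leftovers."""
    img = bytearray(64 * SECTOR_SIZE)
    if dirty:
        # Leftover fragment of a scanned document header in sector 5.
        img[5 * SECTOR_SIZE:5 * SECTOR_SIZE + 9] = b"%PDF-1.4\n"
        # Leftover text fragment in the middle of sector 40.
        img[40 * SECTOR_SIZE + 100:40 * SECTOR_SIZE + 111] = b"SSN 000-00-"
    return io.BytesIO(bytes(img))


if __name__ == "__main__":
    for label, dirty in (("incomplete wipe", True), ("complete wipe", False)):
        print(label, audit_zero_wipe(build_sample_image(dirty)))
    # For a real image file: audit_zero_wipe(open("copier.img", "rb"))
```

A clean result only covers the sectors the drive exposes to the host; remapped or spare areas are not visible in a logical image, which is one reason physical destruction remains the fallback at disposal.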
Password-protected Hard Drives
Another method we’ve seen is password-protecting hard drives. This isn’t completely foolproof as a hard drive, when removed, can ultimately be manually deconstructed and accessed. This is, however, sufficient for stopping rudimentary thieves or those who aren’t involved in high-level theft of corporate data.
You definitely want to take advantage of as many of these security measures as possible. Combined with good practices regarding network and access management, you can quickly ramp up to a level of security that passes most industry and government requirements. If you don’t have access to security features like this, don’t sweat it, but be sure to look into them for your next lease. With your current copier, be sure to physically destroy the hard drive when you trade it in, sell it, or upgrade.
For more information on securing your business and information properly as well as disclosing information as needed regarding your practices, read up on the Gramm-Leach-Bliley Act, which requires certain companies to explain their information-sharing practices to their customers and to safeguard sensitive data. While this Act is geared towards the financial industry, it’s a good policy for all businesses (including those in legal, manufacturing and small businesses) that deal with sensitive company, customer, and employee data.