How to squelch the security threat of digital copiers

Is there a hacker targeting your digital copier?

The security hole that ubiquitous copy machines can create is a big one, albeit one most IT folks probably don't consider often enough.

The Federal Trade Commission however has heard enough complaints about the copier security problem that earlier this year it started contacting copy machine makers and office supply stores about privacy concerns over the thousands of images that can potentially be stored on the machines' hard drives.

FTC wants "Do Not Track" feature among wide-ranging online privacy changes

According to an IDG News Service story on the topic: FTC Chairman Jon Leibowitz, in a letter to U.S. Representative Ed Markey, said the agency has been working to alert copy machine manufacturers and sellers of the privacy risks of the information that many copy machines store on their hard drives. The FTC is trying to "determine whether they are warning their customers about these risks ... and whether manufacturers and resellers are providing options for secure copying."

The IDG story went on to note that according to CBS News, nearly every copy machine built since 2002 stores documents copied, scanned and e-mailed by the machines on their hard drives. The report found sensitive health and law-enforcement investigation information on copy machines ready to be resold.

So this week the FTC has issued a list of tips for businesses on securing sensitive data stored on the hard drives of digital copiers.  Here are a few:

  • Before acquiring a copier, plan to have the information technology staff manage and maintain it just as they would a computer or a server.
  • When buying or leasing a copier, evaluate your options for securing the data on its hard drive - including the encryption or overwriting features that will be used.
  • Encryption scrambles the data on the hard drive so it can only be read by particular software. This ensures that even if the hard drive is removed from the machine, the data cannot be retrieved. Overwriting - also known as file wiping or shredding - replaces the existing data with random characters, so that the file cannot be easily reconstructed.
  • Take advantage of all of the copier's security features. Securely overwrite the entire hard drive at least once a month.
  • When returning or disposing of a copier, find out whether it is possible to have the hard drive removed and destroyed, or to overwrite the data on the hard drive. Generally, it is advisable for a skilled technician to remove the hard drive to avoid the risk of rendering the machine inoperable.

Follow Michael Cooney on Twitter: nwwlayer8  

Layer 8 Extra

Check out these other hot stories:

US Marines spend $75.7M to get unmanned cargo helicopters for Afghanistan war

NASA Arsenic bug finding not the end of the world as we know it, just a different one

US delivers record 1.7B supercomputing hours to boost energy research

AT&T goes after copper thieves

US shutters 82 domain names citing counterfeit goods sales, copyright problems

Who wants to be a cyber-security warrior?

HTTPS Everywhere gets Firefox "Firesheep" protection

Space X gets first private FAA reentry license from space

The battle for space shots heats up on the ground

10 free iPhone apps for spectacular stargazing

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2010 IDG Communications, Inc.

SD-WAN buyers guide: Key questions to ask vendors (and yourself)