Digital Copier Security - There's More to Overcome Than Just the Hard Drive

The CBS Evening News recently broadcast a story called "Copy Machines a Security Risk?"  The information presented in the story was alarming, to say the least, but CBS only scratched the surface of the topic.  For companies who rely on securing confidential and proprietary information from competitors or hackers, there's much more you need to know about the inconspicuous digital copier.  In this article, we'll look at five areas where confidential information may be compromised.

If you haven't seen the CBS story please click on this link at the bottom of this page and view the five-minute broadcast before you continue with this article.

In addition to the risks presented by the CBS story here are 5 additional areas where copiers can compromise your security.

1. Many digital copiers are also network printers that store network information such as IP addresses, subnet masks and gateway IP's.  These settings are not stored on the hard drive and are not cleared by the digital copier "Purge" feature.  Network settings must be manually cleared.  Security experts will tell you to keep your network configuration private.  You don't want competitors or hackers to know your internal network configuration.  The more information about your network infrastructure that's accessible to hackers the less they have to figure out on their own and the sooner they can compromise your network.

2. Many digital copiers store the IP addresses of your DNS servers and/or Domain controllers.  Depending on the type and model of your copier, this information may not be cleared by your copier "purge" function.  You definitely don't want competitors or hackers knowing the IP addresses of your Name Servers or Domain Controllers.

3. Many digital copiers store email addresses and some even download your entire Email Global Address List to the copier.  Again, you don't want this to be accessible to those outside your company.

4. The "purge" function used by older digital copy machines doesn't delete any data from the copier hard drive.  It only renders the data inaccessible to the copier software.  It either deletes a file we techies would call a "file allocation table" or it will use other tactics to render the data unreadable to the copier software.  The "Purge" button merely gives an allusion the disk has been cleaned.  However, the data is still there and can be removed as shown on the CBS story.  Most copier security policies rely on this built-in Purge function and think their data is cleared.  It is not cleared.  It can still be accessed with free scanning tools available on the internet.

5. If your copier has a fax capability, the copier also stores all the phone numbers it dialed and numbers that dialed it along with any information you provided in your Fax phone book.  Again, the "Purge" function will not clear this information.

One of the biggest obstacles surrounding this whole issue of Copier Security is the apathy and ignorance of the Manufacturers.  Most copier technicians today still believe the built-in Purge function deletes all information on the copier.  To make matters worse, most copier technicians don't know where the different type of information is stored.  Some data is stored on the hard drive, some data in flash memory, and some data is stored in firmware.  Sensitive information is stored in different places depending on the manufacturer and model of copier.  Just when you think it can't get worse.  Let me drop the final shoe.  There are no utilities that will scan a copier and certify that it has been completely purged from older digital copy machines.

As I mentioned earlier, this CBS news story only scratched the surface of the real risks associated with digital Copier Security.  The Copier Security pioneers who were interviewed in the CBS story, Digital Copier Security inc., have done extensive research on these security risks and are working to provide services and resources to help companies thoroughly purge their older copy machines.  I applaud Digital Copier Security for bringing this issue to the attention of Corporate America and for working diligently to address this significant security hole.

I encourage the Copier industry to take responsibility for ensuring new copiers have the capability to purge themselves of all sensitive information and to provide a certification report indicating what has been purged.  This should be a standard feature on all Digital Copiers and not an add-on feature that comes at an additional cost.  Additionally copier technicians should be trained to thoroughly purge all Digital Copiers.

Until such a time, Corporate America must take necessary steps to ensure their own safety.  They must ensure they are not exposing themselves to unnecessary security risks or even breaking Privacy Laws. Digital copiers must have processes defined (and documented) that ensure appropriate actions are taken before copiers are released to third parties.

For More Info - http://ctcopier.com/new-copiers/