How Your Copier Became a Security Risk

copier security Just when you thought it was safe to copy or print a document in the office, something comes along to shake your confidence.  Back in the old days, a copier just copied what you put on the glass.  It used heat, toner and static electricity to reproduce your document.  As long as no one took your copies, your documents and your information were safe.

Then along came digital copiers with their ability to store documents on a hard drive.  This was great because you could also email or fax the document after you copied it.  The copiers also became printers and scanners which let you do many tasks with the same device.  These new multifunction devices or peripherals (MFP), could also become a simple document management system.  They stored every document scanned, copied or printed on their hard drive.  And you could retrieve them.

These devices became more sophisticated when manufacturers starting putting operating systems on the hard drives.  Now with a browser it was easy to configure and manage the device.  It could also send alerts when it was jammed or out of toner.  The operating system made it easy to run embedded applications on the devices.  This created new ways of moving scanned, copied or printed data into business applications.  Now you could scan an invoice from an MFP and move the document and the information it contained into an accounts payable system.  All of this turned the lowly copier into a sophisticated information management system.

With all of this new found functionality came some new risks.  People eventually realized that this new copier is another computer on your network.  It has a network card.  It has a hard drive.  It has an operating system.  It has a user interface.  It is accessible through a browser, just like a web server.  It is vulnerable to the same security issues as any other computer.  A user could potentially access anything stored on the hard drive, including all the documents, if security measures were not implemented.  

Unfortunately most copiers and MFPs are managed by purchasing or facilities departments and not IT.  With recent headlines, like the one where CBS News found sensitive documents on some copiers in a New Jersey warehouse, more IT people are taking notice.  Recently, lawmakers in NJ proposed legislation that the hard drives of digital copiers be wiped clean when they are no longer in use by the person or organization that purchased or leased them.  The US Congress is also taking notice with a request for the Federal Trade Commission to investigate possible identity theft from digital copiers.  

So now your simple copying and printing device is a security threat.  Fortunately copier manufacturers have numerous security measures built into their devices.  Most come with kits to clean the hard drive after each copy, print or scan or when the customer requests it.  Many allow a customer to encrypt all the information on the hard drive, so even if it gets into the wrong hands, it’s useless.  Those embedded web servers can locked down so only authorized people can access them.

The good news is with a little education, training and some technology, your digital copier or MFP, can do want you want it to do without being a security hazard.  Talk to your IT department to make them aware of the potential vulnerabilities so they can take action.  The last thing you want is your confidential information showing up on the evening news.

Comments 4

  1. Any device with a permanent storage capability falls into the classic data retention and destruction category. Hard drives inside higher-end printers is nothing new. They have been there for about 15 years now. Who’s been asleep at the switch?

  2. I think most organizations don’t think about the risks of the hard drive in an MFP. Most don’t think of it as a computer, but obviously it is. I hope more will view it as such with all the publiclity out there.

  3. Great post Ron, most organisations do need to spruce up their document security. However, the most common security issue is surprisingly low tech – Lots of our customers tell us their print jobs are misplaced/ stolen/ at risk before they can get to the printer to collect them! Luckily there are ways to easily remedy this by using technology that allows users walk to their machine of choice and ‘pull’ their print from their personal print queue using a swipe card or pass-code.

    1. Thanks for the comment. You are right. Using pull software helps with the simplest of issues – stealing a piece of paper from the printer or copier. I know this is very big in Europe and in certain professions, like legal.

Leave a Reply

Your email address will not be published. Required fields are marked *