A lot is written about protecting the network and safeguarding endpoints, but what about digital copiers?
A new brochure from the Federal Trade Commission released Dec. 3 includes tips for businesses on protecting sensitive information stored on the hard drives of digital copiers. Here are some of the tips:
⢠Before acquiring a copier, plan to have the information technology staff manage and maintain it just as they would a computer or a server. ⢠When buying or leasing a copier, evaluate the options for securing the data on its hard drive – such as encryption or overwriting features that will be used. Encryption scrambles the data on the hard drive, and overwriting – also known as file wiping or shredding – replaces the existing data with random characters so that it is more difficult to reconstruct the file. ⢠When you use a digital copier, take advantage of all its security features, and securely overwrite the entire hard drive at least once a month.
⢠When returning or getting rid of a copier, find out whether the hard drive can be removed and destroyed or for the data to be overwritten. The FTC advised businesses to have a skilled technician remove the hard drive to avoid the risk of breaking the machine.
So it’s not just the PCs you need to worry about. In fact, earlier this year, a researcher at Zscaler revealed how a feature in some of Hewlett-Packard’s all-in-one printers could be abused to remotely steal scanned documents, highlighting printers as a possible attack target and underscoring the importance of paying attention to all your IT equipment.
“Copiers often are leased, returned and then leased again or sold,” the FTC said. “It’s important to know how to secure data that may be retained on a copier hard drive, and what to do with a hard drive when you return a leased copier or dispose of one you own. It’s wise to build in data security for each stage of your digital copier’s lifecycle: when you plan to acquire a device, when you buy or lease, while you use it, and when you turn it in or dispose of it.”