One of the constants in business offices decade after decade is the copying machine, and copiers today are far more advanced than in earlier years. But new technology sometimes brings new problems. Modern copiers have hard drives that allow the convenience of digital backups. The hard drives, potentially rich with sensitive data, can also be a target for hackers.
If you lease a digital copier from an outside source, you are probably at the greatest risk. Sometimes, the copier will be returned at the end of the lease period to the equipment company, without having the hard drive erased – a major problem – because there’s a good chance the copier will be rented or sold to another company after your lease period ends.
Best practice dictates that the hard drive be completed wiped before the equipment company re-takes custody of the machine. Otherwise, you have no idea who might have access to your company’s proprietary, sensitive, and confidential information.
Perhaps the biggest real world example is the 2010 Affinity Health Plan data breach [http://timesleader.com/business/2414/digital-copiers-a-security-risk]. Affinity decided to upgrade their equipment, and their digital copiers were sold to other businesses. None of the hard drives were erased, resulting in over 300,000 medical documents being potentially exposed. Because this was a HIPAA violation, Affinity eventually faced a $1.2 million fine.
To avoid a nightmare scenario, there are several steps you can take, in addition to completing erasing a copier’s hard drive before removing it from your office:
· Ensure the company you purchase or lease equipment from properly encodes your copier’s hard drive for the storage of sensitive data.
· Some machines have a disable feature that stops the drive from making backups of your documents. If your copier has such a feature, considering using it.
· If your copier is on a network so that users can remotely print to it, make sure that the network is secure.
There is never a bullet-proof way to ensure data will be safe, but taking steps like these definitely helps make it more difficult for the bad guys to get their hands on your company’s data.