Print Security About Print Security Areas of Concern - Data Security Copier Data Theft Who's at Risk Regulations and Compliance Print Security Solutions Contact Print Security

SocialTwist Tell-a-Friend

Print Security exists to inform businesses and individuals about an emerging area of vulnerability to the security of their sensitive data and to provide workable solutions to protecting that information.

Completely overlooked in most business environments, and virtually ignored in existing and pending legislation, is the fact that today's multi-function peripherals capture and store data on an internal hard drive. The machines we have come to know as "copiers" now perform a number of business functions including copying, faxing, scanning and printing. They are highly sophisticated and contain hard drives and other forms of memory that retain information, even after the machine is powered off.

It is ironic that most companies go to greater lengths to protect information contained on the paper output of these machines than they do to secure the vast amounts of data stored, and fully recoverable, in digital format.

While copiers are in service, data stored in these seemingly innocuous office machines are accessible by: An even greater concern is access to sensitive data once the machine is removed from service. Once a machine leaves its service site, data is accessible by:
   
   

At no point is confidential data at greater risk than the day a copier or printer leaves its user’s direct control. Whether the equipments has reached the end of its useful life, the lease has reached its term, service swap out, upgrade or for any reason, steps must be taken to insure that all sensitive data is permanently removed from the machine. Once your equipment has left
your premises who knows what, when and where it will go? Would you throw your PC or filing cabinet away full of files?

 

Thousands of used copiers leave Australian businesses every month.

At lease maturity, at the end of their useful life, or anytime a company wants to upgrade features or update to the latest technology, new copiers are installed and old ones are removed.

But where do they go? And what happens to the sensitive data that resides on their hard drives?

The first question is fairly simple to answer. Used machines are typically shipped directly to wholesalers who specialise in their resale. At various places throughout the country, huge warehouses stand full of used copiers.

These wholesalers offer the better machines for sale or bid to retail copier dealers who purchase and resell them to their clients. While there is no reliable data available to establish an exact percentage, the majority of used copiers do not make it back into the domestic market for resale.

In order to make room for the constant flow of returned machines, wholesalers pack them into cargo containers and ship them to overseas buyers.

Whether sold to foreign or domestic buyers, these copiers leave the wholesaler with their original hard drives, and other storage devices, full of their previous user's information.

If you've ever shipped a copier from your premises, you have potentially sent thousands of pages of sensitive customer data and company information into the unknown!

   

The threat doesn’t end at the hard drive.

Often, sensitive company information is stored elsewhere in the machine. Customer information, address logs, internal email directories, fax numbers, job logs, network data, DNS and proxy server settings, IP addresses and even unprinted jobs usually reside on the equipment.

Most digital copiers have no firewalls or filtering. In an article from a major university, the IT department uncovered unauthorized use of a network printer/copiers: the students were using the copier hard drive as an exchange server for MP3 music files.

Some functions on the devices also leave your organisation exposed to data leaving your control and you would be none the wiser. For example, one function allows someone to manually insert an email address and blind carbon copy (BCC) themselves, so everything scanned would be sent to an undisclosed recipient Fax numbers can also be inserted into machines so all data sent to devices will go the designated telephone number that could be offsite
Some machines require no hacking at all! Just the press of a button and jobs can be reprinted on demand. Many copiers allow users to reprint any job on the printed job list. Copiers that have a print-and-hold feature store the documents until someone erases them. We can tell you from firsthand experience that, even after erasing, most of the information isn't cleared.

Adding to the concern, majority of the copiers in organisations today offer no simple and effective means to completely purge the data they contain. While some manufacturers offer security add-ons, most users are still unaware and have inadequate protection.

It's easy to dismiss the threat posed by today's digital copiers. However if it wasn’t a real threat, why has nearly every manufacturer released security products like copy data overwrite kits, HDD encryption kits and Data overwrite security units? This doesn’t provide a fix for hundreds and thousands of units that have been put in the field over the last decade.

In addition, our testing has uncovered that units with the above kits have been disabled to allow speed and functions by the end user.

 

Majority of the equipment supplied in Australia and New Zealand is typically underwritten with a rental or operating lease product by a third party financier, so the equipment is never the property of the end user and needs to be returned in good working order.

This poses an issue and could become quite costly as the machine doesn’t work without a hard drive and it isn’t as easy as just replacing it! It is quite a technical process to locate, remove, replace and reformat the hard drive. If done incorrectly the machine will not work and you may find yourself up for the cost of a replacement device or the new model

 
       



Copyright 2010 - Print Security

Contact us | Disclaimer | Sitemap