by Lori Lawson
No I’m not talking about those days when your copier gets cranky and jams when there really is no jam or arbitrarily changing its orientation setting. I’m talking about when it gives ups its secrets without your knowing it and puts those secrets in the hands of those who know very well what they have and intend on taking advantage of it.
Digital copiers have hard drives that store data when it copies, prints, scans, faxes or emails documents. If you are copying a flier for the upcoming company picnic then you’re not that vulnerable, but if you’re copying or scanning contracts, employee records, financial statements, or personal sensitive information such as would be found in a financial institution, you are required to protect the confidentiality of that information by following the Gramm-Leach-Bliley Safeguard Rule. If this data is gathered either by remote access or directly from the hard drive once it is removed, it can become a commodity on a very active and aggressive black market.
There are four times in the life cycle of a copier when thoughts should turn to security to protect documents that use the copier’s functions.
Stage one—before a copier is brought to the office. Whoever is responsible for your company’s computers and servers should also be responsible for the security of the digital copier. Make them a part of the buying or leasing process so they are familiar with the device and its security features.
Stage two—at the time of purchase or lease. Usually you can get security features that either encrypt the data or overwrite it.
Encryption scrambles the data that can only be read by certain software and uses a secret code to retrieve the data even if the hard drive is removed.
Overwriting wipes the file by changing the value of the bits on the drive with random characters. This makes reconstructing a file difficult. Usually how often files are overwritten depends on the copier. They can be overwritten on every job, or after a certain number of jobs, or on a preset schedule. The more often the files are overwritten, the less chance they have of being retrieved by someone who shouldn’t have them.
One point about overwriting; it is different from deleting or reformatting. When deleting or reformatting, data is not removed or changed, it is just put in a different place on the hard drive and can be accessed by using special software.
Does the security feature come standard or as an add-on? This is an important question to ask when making a buying or leasing decision.
You can also check if your copier has the ability to lock the hard drive. if so, a passcode is required to lock and unlock the hard drive which protects it even if the drive is removed from the copier. This gives an added layer of security.
One last thing in stage two. Make sure that your lease or purchase agreement gives you ownership of the copier’s hard drive when that copier leaves your business. If you are dealing with someone you trust you can also make an agreement that they will overwrite the drive for you.
Stage three—when the copier is in your business and being used daily. Make sure that the data is actually being encrypted or overwritten. If overwriting, make sure this happens at least once a month.
Your security team should make sure that the copier is properly integrated into the network and take the same care to prevent outside attacks and hacks on the sensitive data that is on the copier’s hard drive as they do for the rest of the system.
Stage Four—end-of-life plans for your copier. Know before going in how the hard drive will be handled and make it a part of the lease or purchase agreement. If you are working with someone you trust, you can arrange for them to overwrite the drive, otherwise, arrange to have the hard drive left behind or returned to you so you can keep it or destroy it yourself. If leasing, avoid removing the hard drive yourself or using an outside technician. This could violate the terms of your lease agreement.
So friend or foe? As a friend, your digital copier is a work saver, time saver and a hub of activity during its life. As a foe, it can be a weak link, security-wise, in your company’s network, giving up its secrets to those who will use the information in ways that could cripple and hurt your business.
Lori Lawson is a LegalShield Director and is an ID Shield specialist. Her company, New Line Associates is located here in Oceanside and she has been a Chamber member for over ten years. Visit their website at newlineassociates.com. Email her at firstname.lastname@example.org for a free, no obligation fifteen-minute consultation. Information obtained from the U.S. Federal Trade Commission.