Did you know that your snazzy, modern photocopier, like your computer, has a hard drive that can log all of your activity and store it?
It’s a little known fact that many photocopiers don’t just copy your documents onto paper, they create a digital image which is then stored on the copier’s internal drive. What this means is that unless an individual or corporation takes steps to actively overwrite the drive before the copier is scrapped or resold, they could see sensitive data fall into the wrong hands, and run the risk of falling victim to identity and intellectual property theft.
While many corporations take steps to destroy evidence stored on computers and handsets before disposal, photocopiers are typically not viewed as computers and so not treated with the same level of care, despite their ability to perform many of the functions of a personal computer.
For corporations looking to dispose of copiers securely, there are a variety of options. It is possible to remove and physically destroy a copier’s hard drive prior to disposal. Alternatively, some machines, such as those produced by Xerox, now offer digital shredding, which involves overwriting the copied files so that they cannot be recovered (although computer forensics analysts may still be able to recover fragments of data).
In terms of day-to-day security, the ‘digital shredding’ process may be considered necessary not just at the point of disposal, but all the time the copier is in use. This is because even while a photocopier sits safely in an office, it still poses a security risk, since anyone with access to the machine could access and copy the drive, potentially laying their hands on information they are not permitted to view, such as invoices, contracts and even passports copied for HR purposes.
In fact, a would be hacker needn’t even necessarily have access to a company’s building in order to access the copier’s data. Many modern photocopiers also possess the ability to fax and/or email copied documents, and also connect wirelessly via the corporate network to other computers for the purposes of document scanning. This means that if a hacker were to gain access to the corporate network, it may be possible to not only access sensitive data on the copier wirelessly, but also transmit it electronically to any desired location.
Ultimately, it is important to treat a photocopier just as you would any other computer – as a source of highly sensitive data, and a potential window into your corporate network. For this reason, for any corporation in possession of such copiers, security measures should stretch beyond disposal and ‘digital shredding’, to address issues such as network security and even who is physically allowed access to the machine