Carl Mazzanti
Responsible business owners will never leave their front door unlocked and unattended. They also won’t give out confidential passwords to anyone. Without realizing, many business owners have likely given away their business keys and passwords to a potentially dangerous person: their digital copy machine.
Networked, multifunction “smart” copiers are a key component of many businesses simply because they can handle many tasks beyond copying — think of actions like printing, scanning, faxing, and emailing documents. The issue, however, is that digital copiers generally require hard disk drives to manage multiple incoming workloads and to increase the speed of production — and this can be a gateway to data theft.
The copier’s hard drive typically stores data about the documents it processes; while this is necessary to the device’s operation, it means that the data on the hard drive could be vulnerable to hackers, either by remote access or by extraction once the hard drive is removed. This is more than an inconvenience, since a company’s reputation may be at stake. And if the business processes sensitive information — including Social Security numbers, credit reports, account numbers, or health records — the enterprise may have legal obligations to protect the records.
An IT support services provider can take a number of steps to ensure that digital copiers connected to a company’s network are secure. One way to ensure that digital copiers connected to a company’s network are secure is to use authentication at their device level. This involves requiring a password or card swipe before physical access can be granted.
A company may also be interested in asking their customers. Managed IT Services partner about “pull printing.” It securely segregates the initiation and the release of a print job to minimize the possibility that a user will inadvertently leave restricted or classified documents next to the printer, where anyone can view them. This happens often when users need to print a job from a different floor or a different building.
Two-factor authentication is required for pull-printing. A workstation or mobile device is used to initiate the job. Next, before the destination printer executes the print order, the authorized user must release it using one of three secure methods. This includes an app or browser-based, badge or card reader, and an integrated app that is installed onto or built into a supported digital printing console.
Business owners can use software-based printing rules to prevent unauthorized access to certain printers. They also create an audit trail that will allow them to track the events leading up to a breach. For example, the email “send to address” may be locked so it will only match the domain of the company where the copier is deployed which may reduce the chance of an unauthorized extraction.
These and other strategies — like reviewing and confirming there is no auto-BCC setup on the copier — can go a long way to securing digital copier data, but the threats do not stop there. Businesses often lease digital copier equipment as technology evolves. That model is efficient but also raises a new set of challenges: the machine’s hard drive often contains reams of sensitive data that could be accessible to the next customer who acquires the device.
To protect against unauthorized access, a business owner can set their digital copier so that it automatically deletes scans from the hard disk after completing a task. It is a convenient approach, but it may not be as secure as an overwrite — also known as file wiping or shredding.
Just deleting or reformatting data on a hard drive doesn’t alter or remove it. It only alters the way that the hard drives finds and merges data to create files. The data will remain on the hard drive, and can be recovered using a variety utility software programs. An overwrite, on the other hand, changes the data bits that make up a file. It overwrites existing data with random characters. Overwriting files removes the space and traces of the file and makes it impossible to reconstruct the file.
Many businesses can operate more efficiently with digital copiers. Bad actors can use these time-saving devices to steal sensitive data. Businesses can take proactive security measures and partner with a qualified cybersecurity firm. Cyber Security Consultant To strengthen their digital defenses, however they increase the likelihood of deflecting the threats.
Carl Mazzanti is president of eMazzanti Technologies Hoboken, NJ offers IT consulting services to businesses, from small businesses to large multinational corporations.