Did you know that techies with too much time on their hands can download hundreds of images including police records, payslips and National Insurance numbers from the hard disk drives of Internet-connected digital copiers in your office? Using a forensic software application that’s available for free on the Internet, service technicians have reportedly been able to tap into hard drives on digital copiers and extract stored information.
Most modern office photocopiers have a hard disk inside. On that drive is an operating system, since the photocopier is controlled by a small computer. It also has lots of information on its platters. Potentially confidential data. When you make a copy, the original is scanned and a file is created on that hard drive. Then the actual copies are created. Afterwards, the file on the hard drive is NOT erased or deleted.
Encryption on photocopiers has improved with information on hard drives in most cases encrypted by default, but there’s obviously still a backdoor being left wide open. Most modern digital copiers support Immediate Image Overwrite (IIO) or On-Demand Image Overwrite that will effectively delete saved images, but the vast majority of legacy equipment don’t have this luxury.
The latest Samsung digital copiers overwrite hard drive data three times in compliance with United States Department of Defense (DoD) directive, preventing forensic software from extracting useful information. Xerox say its image overwrite feature is available on most of its digital copiers and this electronically shreds information, while Sharp also offers a security kit that encrypts data on the hard drive and shreds stored information.
Luckily, most manufacturers offer security software to remove data. Third party data removal tools also exist, but your printer manufacturer should be able to give advice.
Manufacturers have been extremely casual about security of copier hard drives. One important thing to consider is the obligations of companies and organisations to conform to the Data Protection Act. This act expressly requires that personal data be protected against unauthorised access by appropriate technical measures. The manufacturer may have a legal obligation to provide companies with the neccessary tools, service and advice to protect data that’s stored on photocopier hard drives from theft and this should be done free of charge.
In cases where the organisation or company need to conform to the DoD directive and software is not available to delete hard drive information, then there is no alternative but to remove the hard drive at the end of the lease. Xerox has become one of the first manufacturers to publicly offer hard drive removal at the end of the copier’s life.