TECH INTELLIGENCE: Hidden threat

Listen to this article

Security-conscious business owners never leave their front door unlocked or hand out their passwords to strangers. But many have already handed their business keys to a potentially dangerous culprit: their digital copier.

These networked multifunction “smart” devices are an integral component of many enterprises because they are for more than just copying — they can handle tasks like printing, scanning, faxing and emailing documents. But digital copiers generally require hard disk drives to manage incoming jobs and workloads to increase the speed of production; this can open a path to data theft.

The concern is the copier’s hard drive, which typically stores data about the documents it processes. The data may be vulnerable to being lifted from the hard drive, either by remote access or by extraction once the hard drive is removed. And if a company processes sensitive information – like Social Security numbers, credit reports, account numbers or health records – it may be required by law to protect the records.

An IT support services provider can take a variety of steps to make sure that digital copiers connected to a company’s network are secure. One approach is to use authentication at the device level by requiring a password, card swipe, biometric information, or other assurance before the device can be physically accessed. Businesses may also wish to ask their managed IT services partner about “pull printing,” which securely segregates the initiation and the release of a print job, reducing the possibility that restricted or classified documents will be left sitting next to the printer where anyone can view them — a situation that often arises when a user wants to print a job using a printer that is located on a different floor or in a completely different building.

The pull-printing process is a kind of two-factor verification for print jobs. In the first step, a user initiates the job from a workstation or a mobile device. Then, before the destination digital printer executes the print command, the user must release it through one of three secure methods: an app or browser-based release, a badge or card reader, or an integrated app that is built into or installed directly onto the console of a supported digital printer.

Additionally, business owners may use software-based print rules or restrictions to restrict access to selected printers and to create an audit trail to help determine the chain of events in the event of a breach. For example, the email “send to address” may be locked so it will only match the domain of the company where the copier is deployed, potentially reducing the chance of an unauthorized extraction.

These and other strategies – like reviewing and confirming there is no auto-BCC setup on the copier – can go a long way to securing digital copier data, but the threats do not stop there. Because technology continues to evolve, businesses often lease digital copier equipment instead of buying it outright. That model raises a new set of challenges because the machine’s hard drive often contains reams of sensitive data — which becomes potentially accessible to the next customer who acquires the machine.

A business owner can try to guard against unauthorized access by setting their digital copier to automatically delete scans from the hard drive once a task is completed. It is a convenient approach, but it may not be as secure as an overwrite, also known as file wiping or shredding.

Deleting data or reformatting a hard drive does not alter or remove the data but instead alters the way the hard drive finds the data and combines it to make files. Consequently, the data remains on the hard drive and may be recovered through a variety of utility software programs. In contrast, an overwrite essentially changes the values of the bits on the disk that make up a file by overwriting existing data with random characters. When the files are overwritten, the space that the file occupied and its traces are removed, and the file cannot be as easily reconstructed.

Digital copiers enable businesses of all sizes to operate more efficiently. But because of the sensitive data they store, these time-saving devices can be vulnerable to bad actors. Companies, however, that take proactive security steps and work with their cybersecurity consultant to reinforce their digital defenses stand a better chance of deflecting the threats.

Carl Mazzanti is president of eMazzanti Technologies in Hoboken.