Business data security: don’t forget about the office photocopier!

Many of us are aware of the security issues surrounding our smartphones, laptops and PCs. We keep them locked when they’re not in use, use secure passwords, wipe the internal storage and hard drives before selling them, and even remotely wipe our smartphone if it is lost or stolen.

One potential security concern that can often be overlooked by businesses however, is the humble office photocopier.

The reason that the office copier can pose a security risk is that many modern copiers contain a hard drive– just like a PC or laptop– which can log and store all your business’s activities. In addition to copying your documents onto paper, many modern copiers store a digital image of the document - which means that sensitive data like invoices, contracts, personnel files, and financial documents are often stored on the drive.

Clearly, this poses a security risk should the copier fall into the wrong hands, as the confidential data could be extracted from the drive leaving your business, employees and customers at risk of identity or intellectual theft.

As photocopiers are usually not viewed as computers, some businesses do not take appropriate precautions when selling or scrapping their copier. In the worst case scenario, this can even have large legal and financial implications, as highlighted by a case in the US in 2013.

The company Affinity Health Plans had to pay a fine of $1.2 million to settle a claim filed by the US Department of Health and Human Services, after failing to clear the hard drive of one of its photocopiers which was later leased to CBS. The drive contained confidential patient information, with the company itself estimating that up to 344,000 patients may have been affected.

Affinity not only had to pay the large fine but were also ordered to make their best effort to track down and wipe all the drives on photocopiers the company had previously leased that were still in the leasing agent’s possession.

So how can your business safely get rid of data stored on the office photocopier’s hard drive? There are a few different options.

Firstly, if you can remove your photocopier’s hard drive and connect it to a PC, then special software can be downloaded which will allow you to ‘wipe’ the drive by writing patterns of meaningless data onto each of the drive’s sectors. The security of this method depends on how many times the data is overwritten, and it is best to choose a high number of overwrites - even though this may take some time to complete. You can even erase several drives at the same time by purchasing a piece of equipment called an erasure station.

The advantage of this method, in addition to securing your data when successfully overwritten, is that the drive can be reused, increasing the value of the copier when you sell it on.   

A second method is known as Degaussing and is carried out by a piece of equipment called a Degausser. This machine emits a powerful electromagnetic field which destroys the data on the hard drive.

Whilst this method can be fast and simple, the Degausser machines are expensive to purchase. Hard drives are also destroyed during the process, reducing the machine’s remarketing value.

A third method is the physical destruction of the hard drive – removing the drive from the machine and making it physically inoperable through disintegration, incineration, pulverization, shredding, melting, sanding, or chemical treatment.

When carried out correctly this is an effective way of destroying data, though clearly, it involves the destruction of the hard drive which lowers the machine’s remarketing value. As the job of destroying the drive often needs to be outsourced, there’s always the potential risk of confidential data being exposed to a third party.

Hopefully, this article has made you more aware of the importance of photocopier data security.  

