Identity theft is always in the news, as well as corporate espionage and protection of personal information. Your personal information can also be compromised by the copy machine you use at work, home or in a public location.
Back in 2010, ABC broke a news story that shocked a lot of security professionals and caused a lot of embarrassment as we realized the enormous potential for information release. The reason why, is that all modern/digital copiers, since 2002 have hard drives that capture images of everything that was run through them, and when the copier is turned in, if the HDD is not removed and erased or destroyed responsibly, it can yield thousands of images-many of them very sensitive and potentially damaging.
The fact that sensitive law enforcement information, payroll details as well as healthcare information including a cancer diagnosis was uncovered this easily was unbelievable, and a major violation of federal laws!
This can be a risk for everyone. Just consider the copier you used over at Staples to copy your tax returns, birth certificates and other sensitive documents. What about the copiers in the hospital, pharmacy or Dr’s office with medical records, the police department, company payroll and human resources departments-the list goes on and on.
Many thousands of copiers are replaced in the US every year, and the old ones are refurbished and sold into the grey market- usually overseas- many ending up in South America, China and the far east with many of our secrets to be discovered. This is a bonanza for would-be identity thieves-for a few hundred dollars they can get a used copier and very easily retrieve 10s of thousands of pages of sensitive documents the help steal identities or worse.
The copier industry has responded with optional erasing technology that will erase the documents after they are scanned- a great solution. The problem is that many customers to date have not felt the need to spend the extra $500.00 this option costs.
The NSA-(National Security Agency) who determines the best way for our military and government agencies to destroy their classified and Top Secret information recommends a 2 step process of degaussing and then physical destruction-the smaller the end-particle the better. They say that degaussing using one of the NSA approved degaussers and then physically destroying-(shredding) will insure that the information is gone and will never come back.
Now that we know there is a security issue with copiers, there are some things you can do to protect yourself and your company. It is difficult to control what other people do with your information, but personally and especially if you operate a business that uses copiers-(and who doesn’t)-here is what you should do.
If you don’t want your information to be compromised:
- Make sure you avoid using copiers in public establishments where you don’t know what will happen to the copier when it is turned in or replaced at end-of-life or because of a malfunction.
- If you own a company, demand that any copier that is replaced is only taken off your property after the HDD is removed and given to you for safeguarding.
- Destroy the HDD and its contents properly buy degaussing and then physically destroying the drive before recycling it or throwing it into the trash.
These common sense strategies will hopefully keep your information off the street and prevent an inadvertent information release from a copier hard drive.
You may not need the high level of security the government is required to use-(degaussing and shredding), but there are many options available from SEM, and I say better safe than sorry!