As we launch into 2010, the IT industry is faced with three major challenges. What makes these so significant is that they are not on the radar of most companies. In this report I will address the second challenge we, as an industry, have ignored. Although I can't provide answers, my hope for these articles is to expose the issues and launch a dialogue within the IT community as we search for answers.

Your Digital Copy Machine can't keep secrets

You'll never guess who's walking out your front door with confidential data. Yes, it's the guy who leases you your copy machine. When digital copy machines are replaced or come off lease, they are wheeled out your front door with a disk full of images that were printed, scanned, copied or faxed.

Digital copiers can't erase their hard drive, so at the end of their lease, gigabytes of images inside the copier are wheeled out your front door. Newer copy machines can make the data unreadable to the copier itself, but your data is still on the disk! If you happen to have a network-connected digital copier, additional information is retained on the copier, such as IP addresses, DNS server IP addresses, email addresses, etc.

A company called Digital Copier Security Inc (DCSI) is a pioneer in raising awareness of this security hole, which exists at most companies. DCSI claims they have obtained "off lease" copy machines where they scanned the hard drives with proprietary utilities and have recovered thousands of pages of documents fully intact. Here are some examples of what they've recovered.

- A complete home refinance application including applicant's full name, SSN, current employer, previous employers, bank account numbers, etc.
- A spreadsheet showing employee names and company issued credit card numbers.
- Full Tax Returns
- Confidential Medical records
- Confidential Executive Business Reports
- Over 20,000 documents were recovered from just one hard drive

You would never let a vendor walk out of your data center with an un-scrubbed hard drive, yet it is done every day with digital copiers.

Don't even think about removing the hard drive before releasing the copy machine; doing so would make the copier unusable and void your lease agreement. You would become liable for the complete cost of the copy machine. Don't expect the copy machine technician to purge the device either; they don't have the technical knowledge of where your information is stored, or how to purge it. Most technicians believe the copier is purged when the images are no longer visible on the display. Don't fall for their ignorance on this matter. Also, don't think you can push the responsibility onto the leasing company, as I guarantee your lease agreement doesn't require them to provide this service.

This is one of corporate America's biggest risks, yet I haven't found any company with security policies addressing digital copiers. Most end-of-lease copiers are sold overseas, where recipients of these copiers (and your data) are not subject to US laws.

Do you know who has your old digital copy machine and all your data that was on its hard drive?

How many digital copy machines do you have that are ready to go off lease? How will you ensure your data doesn't go off site with the copy machine? How will you ensure your competitors or hackers won't get their hands on your data through your old copier? Are you at risk of lawsuits from employees or vendors that use your copy machines? This is a security issue we cannot ignore, and it's an issue without an easy solution. The options available are limited and can be expensive for companies with multiple copiers. DCSI provides a certified disk scrubbing service. Another option is to purchase a "Security Kit", which is expensive and not user-friendly. The device is so troublesome that most companies disable it over the course of time.

If your company is regulated by SOX, GLB, HIPAA, FERPA or FTC Red Flags, a breach can be construed once your digital copier leaves your possession and control. Considering the costs of fines, penalties, sanctions, public notification, credit monitoring, and damage to a corporate image, careful purging of these machines should be a top priority for every company.

As you can see from this series, IT has three pressing challenges: old paradigms that cripple businesses, digital copier security and our "part 3" topic in the final article of this series. These challenges are easily ignored and have been to this day. However, ignoring these challenges only puts your business at continued risk of pending crisis. In 2010 we must take steps to limit our exposure with answers to these challenges. As I mentioned earlier, my intent is to open the door to further dialogue. Let us consider the door now wide open. I encourage you to propose your ideas and join me in a discussion on this topic.