As if we don’t have enough potential security risks to worry about! Recently a number of people have pointed out that photocopy machines can have internal hard drives designed to store documents that been copied or scanned. If the machine is replaced, those scans leave the office, usually not encrypted and potentially filled with confidential information.
This is more of an issue at big companies. Small businesses don’t often pay for big built-in hard drives that would store a lot of scanned documents. It’s too easy to hit the “e-mail” button and clog up their Outlook folders instead. Still, it’s a risk that’s worth considering when a lease runs out or a machine is replaced.
Right now, no one has a legal responsibility to wipe copier drives clean of potentially damaging data. Warehouses all over America are full of used copy machines containing millions of files just waiting to be mined by unscrupulous criminal profiteers.
It’s worth noting that the people who think this is an awful security problem happen to run companies in the business of, inter alia, cleaning data off old copiers.
"If I was the kind of person looking for certain information, this would be a gold mine," said Beitner, founder of Cyber Security Canada, a security, privacy and threat management company. "People have no clue of what the risks are."
When this was mentioned recently on uber-popular site Boing Boing, the most knowledgeable commenters pointed out that copiers are rarely used as document servers and are actually very unlikely to have interesting information on them, on hard drives or elsewhere. It’s more of a theoretical risk than a real one. Still, law firms and other businesses with a strict need for confidentiality should be thinking about things like this.
Ask your copier vendor about information stored in your copier when the lease ends. Usually the information can be wiped clean in just a few minutes by someone knowledgeable. Watch out for those unscrupulous criminal profiteers!