When CBS ran the 5 minute video about how your copy machines hold copies of all the documents copied on their internal hard drives, many of you started asking questions.
As mentioned in the story, if you ever sell or the lease expires on your copy machine, the hard drive in the device may contain very private information. Thank you so much to all of you who sent information about the video—that kind of “heads up” is always appreciated.
This is a concern for identity theft and also a source for other private information falling into the wrong hands. Organizations that fall under HIPAA compliance, Gramm-Leach-Bliley Act, PCI-DSS, and other regulations are sometimes more sure of the risk.
Earlier this month while I was performing an audit on a client’s network, he explained that he refuses to allow his staff to “outsource” making copies even to their CPA firm. He does this in order to “isolate” the area he needs to protect. He has a strict policy that documents can only be copied using copy machines in their office.
One of my readers is in contact with an organization that processes used copiers and they make sure to erase the hard drives before the copiers go to new owners.
If any of you are specifically seeking a copy machine security specialist, the CBS video interviews John Juntunen and it appears his web site is www.copiersecurity.com. The phone number on the web site is 530-672-9300 if you want to explore his services. The web site shows they offer a service that will remove your copier’s hard drive, destroy the drive, and replace the destroyed drive with a new drive formatted for use with that copier. They also offer anti-tampering kits to help you monitor your copiers to at least know if someone has accessed the data on the hard drives.
One point he made in the interview is how many companies do not seem to care about security until they have a breach—and then it is too late. I’ve felt the same frustration in the past. Security, be it in your computers, servers, or copy machines, is an important issue!
Please post any of your experiences or additional ideas about copy machine security here on this blog.