The ECM industry has been rather strangely silent on the inherent security risks of copy machines, namely Multi-Function Peripherals (MFPs). Recently, CBS did a rather revealing story on copy machines that include a hard disk drive used to store the documents that you copy, scan, email, etc. What is rather alarming here is that the images on the hard drives are not automatically erased after the user completes their work. Imagine that?
That means all that sensitive data that you have been copying, perhaps containing personal identity information, health history, financial data, employment and payroll data, etc., is on that copy machine's internal hard drive - unless someone takes the extra precaution of deleting it from the copy machine. Would you even know how to delete the images from the hard drive? Were you made aware that such a security risk exists in your organization? Worse yet, when your Facilities and/or Finance department says the equipment has reached end of life and it is time to swap out the dinosaur for the latest and greatest copy machine, who is taking responsibility for erasing the hard drive and verifying that all the sensitive data on the copy machine has been eradicated?
The silence is rather deafening, isn't it?
Hey, the good news is that at least one of the MFP manufacturers discussed in this story sells an OPTIONAL utility to wipe that hard drive clean. Question: why isn't such a utility considered a STANDARD no-cost feature on all copy machines, given that the copy machine/MFP vendors know the security risk exists by design in every copy machine/MFP that ships out the door? Perplexing.
Tip of the hat to the innovative team at Digital Copier Security in Sacramento for addressing this major industry GAFFE!!! Nice job CBS picking this story up and running with it.
Before you roll out or refresh all those MFPs, consider the organizational security and liability risks and make sure they are adequately addressed. Or, consider using document scanners for the job, as the only ones that contain hard drives are usually the large mainframe, production document scanners. And, if those document scanners happen to have a hard drive, be sure you zap them before you retire them from your operation.
The full story can be found on YouTube.