Are Printers and Copiers Stealing Your Information?

August 2, 2021 at 6:15 pm by Amanda Canale

Copiers, printers, and document scanners are just as much office staples as any other piece of equipment (aside from, probably, an actual stapler). While these kinds of devices are not programmed to typically store any sensitive data, they may be harboring more data than you think. Everything from new employee records, tax forms, HR documents, and other kinds of personally identifiable information (PII) and unclassified or classified information are just ticking time bombs. In this blog, we discuss how hackers can tap into your copiers and scanners and steal your private information.

Since approximately 2002, most digital copiers and printers use hard drives that store and manage all the data, documents, and images you are copying, printing, and scanning. Mix that with their web-based interfaces, and now your office serves as the perfect cocktail to lure in online hackers. (In layman’s terms, this means that your copies are essentially giant computers and vulnerable to all sorts of cyber-attacks!)

Most digital copier manufacturers offer some sort of data security feature that involves encryption and/or overwriting to ensure the safety of whatever information you are printing, copying, or scanning. So hopefully, your office’s IT department has already either installed the software to protect you and your data from cyber-attacks or has a system in place to securely sanitize that data. It’s important to discuss your device’s security features with your IT department since each device is different; you should know whether your device’s memory is automatically wiped, needs to be manually wiped on a preset schedule, or another option altogether.  Depending on what those features entail, a schedule should be set in place to ensure a routine is followed.

Some practices you and your team can integrate into your routine are using authentication or additional verification methods that include a mix of a password, card swipe, biometric information, or other similar methods. By implementing more preventive measures, you can help lower your risk of cyber-attacks.

Remember when we said that copiers are essentially giant computers? Well, that also means that their hard drives work the same as computer drives in that overwriting a drive is vastly different than reformatting or deleting. According to the Federal Trade Commission (FTC), simply deleting the data or reformatting the copier’s hard drive “doesn’t actually alter or remove the data, but rather alters how the hard drive finds the data and combines it to make files: The data remains and may be recovered through a variety of utility software programs.” Like other hard disk drives, methods such as cryptographic erasure and data erasure would allow the drive to be used again, but these are not secure and foolproof destruction methods. Information, whether encrypted or unencrypted, can still linger behind on the drive and be accessed, even if it has previously been deleted or overwritten. (You can read more about how not to destroy hard drives in our previous blog post.)

When it comes time to destroy your copier’s end-of-life hard drives, it is always best practice to conduct destruction and degaussing in-house. To ensure the secure destruction of your data, SEM recommends always following NSA standards and degaussing all magnetic media, including hard disk drives (HDDs), prior to physical destruction in a shredder or crusher.

By degaussing the drive prior to physical destruction, organizations are choosing the most secure method of data destruction per NSA guidelines as this is the only way to be certain that the end-of-life data has been properly destroyed. When magnetic media is placed in one of our degaussers, powerful magnetic fields essentially scramble and sanitize the magnetic tapes and drives, eliminating all sensitive information from the device. This crucial step securely renders the drive completely inoperable. Once the device has been degaussed, it should be physically destroyed. This two-step method of degaussing and physical destruction — mandated by the NSA for classified media — is without a doubt the most secure method of sanitization for magnetic media such as HDDs.

Solid state drives (SSDs) and optical media cannot be degaussed, so it is critical that each and every chip on a solid state board is destroyed in order to properly sanitize the data. Depending on media type,  crushing, shredding, or disintegrating is recommended. It is also important to remember that a data breach is a data breach, no matter the level of impact. At SEM, we have solutions to securely destroy any type of media on any type of device, ensuring your end-of-life data stays where it belongs: at the end of its life.