There has been a lot of mention about the risk copiers can pose to personal information security of late. Indeed, it’s been covered in the traditional media as well as in many blogs.
Bill Detweiler of TechRepublic mentions a poll he conducted last month in response to a CBS piece which covered this subject showing many don’t bother wiping information from the hard disks of multifunction copying devices which have them. Bill also refers to an article he wrote back in 2007 which mentioned the security problems with digital copiers.
This problem, however, goes back further than even 2007. I remember working tech support in the late ’90s when we had some digital multi-function copier/fax/printer devices which operated on a system based on Microsoft Windows NT 4 running Internet Information Server (IIS). We didn’t realize they were based in NT 4 with IIS until an internal security scan revealed them as such. We assumed, up to that point, they would have been Linux-based or working on some proprietary system. These devices had no interface to the internal operating system and could not be patched – even by the manufacturer (or so we were told). That made them vulnerable to cracking. Remember the “Code Red” worm? Needless to say, those devices were replaced as quickly as practical.
To maintain good information security, it’s best to treat all systems with any kind of memory whatsoever with care when replacing. If the device has any type of memory, whether hard disk, RAM or flash, it needs to be wiped before disposal. When in doubt, wipe it out. If it cannot be wiped, it needs to be destroyed or turned over to a reputable service which will certify its destruction.
Treat the devices as you would a piece of paper which has sensitive information printed on it. You’d shred the paper, so you must do the electronic equivalent with documents stored in electronic devices.
