|
Dangers Of Digital Copiers
We use digital copiers every day at work and for personal reasons at our homes and outside locations like copy stores and libraries to retain a copy of important personal and business documents such as tax returns for future reference. Such documents often include sensitive information including our personal information. What we may not realize is that some copy machines may have built in disk drives to store the images of the documents that we copy for future use. What this means to the average copy machine users is that they don’t need the original documents to make additional copies later on. They can just retrieve the stored document image and copy some more. As this feature facilitates easy copying, it also represents some identity theft and fraud risks. Why? Because, if the digital copiers lack decent security and access controls or if the available security features are not used properly, then confidential and personal information may accidentally or intentionally be disclosed to identity fraudsters. As this digital copier storage feature can increase productivity and efficiency and we would want to continue its use, let’s analyze the required security features that manufacturers must put in place and users of the copy machines must be aware of and know how to use them to manage identity theft risks: 1- Stored document should only be accessed by the document owner. A user of a digital copy machine who owns the stored document should be the only one who can later access the same file to make additional copies. Therefore, a copier should take advantage of an available identification and authentication mechanism to only allow a data owner access the stored file. A lot of times, access is not protected or rather restricted when using a copy machine within a company. Although, I’m not advocating to not share files and stop being efficient and productive at the workplace, especially when we consider how large some files can be, I am advocating a controlled sharing process where only the intended people can access the files. 2- Data should only be stored for a limited time. The data storage space, which the old data occupies, must be deleted or overwritten by new data after a predetermined and programmed period of time. This feature will reduce the risk of unauthorized access to data that is unnecessarily stored for a lengthy period of time. The period for which a company might decide to keep a file may depend on the nature of the company or the document itself. If a length of period can be applied to all stored documents, then the company can program that length within the machines and automatically force it upon the users of the digital copiers. If more flexibility is needed, companies can force users to enter a period of time that a document must be retained for if users express a need to retain these documents. A guideline can be published to provide users with specific directions on which type of document should be maintained and for how long. 3- Data should be encrypted while at rest within the machine. For the predetermined length of time that we plan to store the data within the machine, we should encrypt the data so that even if hackers break into the identities of users and access the files, these files remain useless. 4- Segregate digital copy machines used for file storage and copying the same documents from the machines that do not store data and are only used for one-time copies. Companies should attempt to have two sets of digital copiers; one that stores data and has strong security controls for documents in need of frequent copies, and another for one-time copies and which does not store data. The goal is to limit the risks. 5- Before selling or donating the digital copiers, erase all stored data. This is similar to when companies and individuals sell or donate their computers to charities and others. Digital copiers like computers may contain a lot of stored sensitive data that needs to be either moved to another storage device if their retention is required or be discarded if they are no longer needed. 6- If an outside copier is used for a one-time document copy, make sure the storage capability has been deactivated for your use. |
