Data Security Risks Hidden in Plain Sight – Extend ITAM beyond Computers, Servers, and Laptops

By Arman Sadeghi

IT departments concerned with data security are well aware of the dangers from not properly destroying the hard drives that come out of computers, laptops, and servers. However, most IT departments are not aware of other types of devices that contain massive amounts of data. Often, the data on these devices can be even more sensitive than the data found on computers.

One example of this is a device that is seemingly low-tech and one that many people don’t associate with data storage. A random survey we did with our clients (all IT professionals) showed that 74% of the clients who responded claimed to be unaware that the device in question could have a hard drive like a computer or a server. In fact, only 35% of those who responded knew that this device had the capability to store data at all.

So what is this device? It’s a low-tech piece of “furniture” sitting in the corner of the office—the copy machine. It quietly sits there, printing out letters, documents, contracts, copies, and just about whatever you feed into it or send its way. It can also be used to scan files that are sent either to your email or to a folder on your desktop. Either way, the process appears to be straightforward.

When a copy is made of something like a contract, social security card, driver’s license, or a personal document, one would think that the copier captures the image of the paper and reproduces it onto a new sheet of paper, leaving all traces of the document off the device. But this is not true. When a document is fed through most modern copiers, an image is first captured and stored on the hard drive. Then, a print is created from the digital file and the image is stored on the hard drive until the portion of the hard drive is overwritten, which could take months or even years.

Modern copiers use this approach for two main reasons. The first is so that the process of feeding documents through the machine is not slowed down by the printing process, which usually takes longer than the scanning process. In other words, you can feed 200 sheets of paper through a copier and grab your original documents to be put away while the machine is printing the copies. This also allows the device to use the same system regardless of printing, copying, faxing or scanning. To make a copy, a copy is first stored on the hard drive and then accessed for printing. For a scan or fax, a copy is stored on the hard drive and then sent to the computer digitally. To print, a digital file is sent to the hard drive and printed from there.

However, the key is that the “harmless” copier sitting in the corner of your office may contain more sensitive items than your computer’s hard drive. When it comes time to upgrade the copier, most companies are happy to have someone take the old copier off their hands. Some sell their equipment online or give it to the manufacturer selling the replacement. There have been numerous cases of federal agencies, hospitals, and banks donating or selling copiers without knowing the sensitive data that they contain. I have personally witnessed several cases where classified data was released via copy machines, simply because the IT professionals did not think of copiers as data storage devices.

The good news is that this problem has a simple solution. Once you are aware of the fact that copy machines, fax machines, and printers can have data storage devices and full-scale hard drives similar to a computer, you can ensure that these devices are treated no differently than devices like computers and servers that are known to contain data. The toughest part for the average IT professional is finding these hard drives and knowing which devices have them and which ones do not. Ideally, these devices should be handled by a data destruction professional who can remove the hard drives and ensure their proper destruction with a hard drive shredding device or other secure method.

The next time you are walking around the office and your copy machine blinks innocently while printing a document for a colleague, keep in mind that it is keeping a copy of that document on its internal storage device.

Just look at it and smile knowing you know its little secret.

About the Author

Arman Sadeghi is the CEO of All Green Electronics Recycling.