Copiers, printers, and scanners still in cyber security line of fire
The National Institute of Standards and Technology (NIST) recently issued Bulletin NISTIR 8023 to draw attention to the threats and vulnerabilities of Replication Devices. In addition to known vulnerabilities, namely the retrieval of information stored on a device’s hard drive, the bulletin addresses other general threats and network connectivity issues, and proposes various security options.
As a reminder, digital photocopiers or printers that are purchased or leased by businesses store information on their hard drives. When replaced or discarded without wiping the hard drive, any sensitive or personally identifiable information that was printed, copied or scanned, such as social security numbers, pay stubs and even protected health information, is retrievable within hours of purchase on the second-hand market.
Agencies leasing digital copiers should make sure that the hard drive is wiped before leaving the premises. A mere deletion is not sufficient. If you are about to replace a copier you fully own, contact the manufacturer to secure or to remove the hard drive before disposing of the equipment. And make this process a part of your information security program and office procedures. Network accessibility should now also be included in the review.
Access a 2010 CBS article highlighting easy retrieval of information from replication devices