Multi-function copy machines are essential to the success of any business—from making copies to scanning documents and even sending emails. But small business owners beware: office copy machines can also pose a security threat to staff or clients. “Sixty to 70 percent of leased digital copiers are remarketed,” Carmen Pitarra said. “In today’s data-driven world, information can be easily obtained if the safe guards are not used.”
Pitarra is the owner of 4 the Office, a b2b office supply company. He tells the Times Leader News digital copiers and multi-functional devices contain internal hard drives allowing the devices the ability to multi-task. Although, most devices have disk encryption, data breaches can happen and cost millions for the company at fault. The copier’s hard drive is similar to that of a laptop, he said, and can be removed, the information could be accessed through a hard-drive reader, available online starting at $16.95.
Pitarra says small businesses pose the greatest risk because they may not have access to IT departments. That’s why he’s speaking out. So small business owners are aware and don’t have to pay out.
Affinity Health Plan wasn’t so lucky. In 2013 the managed care plan company was found to be in violation of HIPAA Privacy and Security Rules and required to pay federal regulators $1.2 million. The settlement stemmed from a 2010 incident that involved the repurchase of one of Affinity’s digital office copy machines and found the hard drive contained nearly 344,579 confidential medical records. The copier’s hard drive was never scrubbed or erased.
Data breaches can happen easily. That’s why education on industry security measures and how to use them is key. “We are not like ‘the sky is falling’ because it is not,” Pitarra said. “The industry has done its job in creating security measures and kits. We want to raise awareness.”
If your small business is leasing a copy machine, here are three step process we recommend to mitigate your risk of a data breach:
- Have a written security policy that is annually reviewed and if necessary updated. Also make sure employees understand the policy and are in compliance through regular training and education.
- Require copy machines that have hard drives be removed from the machine before being taken from the office. Also, turn on the copy machine’s “Hard Disk Image Overwrite” function to erase images on the hard drive after every print job. Information security professionals warn, however, that these secure methods aren’t a failsafe method to destroy all data.
- Partner with a certified information security company like DataShield. We never resells hard drives. Rather, we properly dispose of hard drives. No matter the information destruction needed, we can help create a tailored approach—leaving nothing to chance.