Multi-function copy machines are essential to the success of any business—from making copies to scanning documents and even sending emails. But small business owners beware: office copy machines can also pose a security threat to staff or clients. “Sixty to 70 percent of leased digital copiers are remarketed,” Carmen Pitarra said. “In today’s data-driven world, information can be easily obtained if the safe guards are not used.”
Pitarra is the owner of 4 the Office, a b2b office supply company. He tells the Times Leader News digital copiers and multi-functional devices contain internal hard drives allowing the devices the ability to multi-task. Although, most devices have disk encryption, data breaches can happen and cost millions for the company at fault. The copier’s hard drive is similar to that of a laptop, he said, and can be removed, the information could be accessed through a hard-drive reader, available online starting at $16.95.
Pitarra says small businesses pose the greatest risk because they may not have access to IT departments. That’s why he’s speaking out. So small business owners are aware and don’t have to pay out.
Affinity Health Plan wasn’t so lucky. In 2013 the managed care plan company was found to be in violation of HIPAA Privacy and Security Rules and required to pay federal regulators $1.2 million. The settlement stemmed from a 2010 incident that involved the repurchase of one of Affinity’s digital office copy machines and found the hard drive contained nearly 344,579 confidential medical records. The copier’s hard drive was never scrubbed or erased.
Data breaches can happen easily. That’s why education on industry security measures and how to use them is key. “We are not like ‘the sky is falling’ because it is not,” Pitarra said. “The industry has done its job in creating security measures and kits. We want to raise awareness.”
If your small business is leasing a copy machine, here are three step process we recommend to mitigate your risk of a data breach: