Information Security: Protecting Your Data is NOT Just a Cyberspace Issue Anymore
by Tim Rhodes

It's about time that you understand that office equipment and devices that hold information – either temporarily or for long periods of time – can be accidentally or intentionally transferred to criminals who wish to make a quick buck by directly using or selling this. Your office photocopiers and those found at stores like Kinko's can now be added to the list of items that can leak your company's personal data. These multi-function printers usually contain small hard drives that can be removed and accessed by virtually anyone who has a computer and a hard drive data cord.

Recent personal data losses across the nation have been attributed to employees mishandling or purposefully removing hard drives for the purpose of exploiting information that is digitally held by the memory devices inside them. The problem is so significant that a major copier company issued a security advisory warning that the hard drives on many photocopiers can store scanned documents.

How Easy is it to Obtain Information or Documents from Copy Machines?

I decided to do a little test of my own by going to my local Kinko's, since our office copier lacks anything "high-end." I found a higher-end digital copier machine that had scanning capabilities. My intention was to ask a Kinko's employee if the machines had hard drives embedded within their skeleton.

However, I came across a information security hazard that immediately captured my interest. I discovered that the machine had a "recall" option where the last three items copied or scanned were still made available! I chose one of the three, and the MFP started printing out 10 copies of what appeared to be a confidential presentation from a local company that was proposing the acquisition of a large, publicly traded company.

I later checked secondary research and open-source news and investor sites and discovered that the notion of a merger or acquisition with the company in question was not even being considered, much less publicly released. This could have caused a real issue for the company involved if a "get-rich quick" trader had leveraged this information in the stock market.

I then asked one of the Kinko's employees about the hard drives allegedly installed in these machines. The employee kindly told me that these copy machines were "top-of-the-line digital MFPs each containing 1 Gigabyte of hard drive space for storage."

Another Shocking Reason Why Your Local Copy Shop is a Source for Competitor Intelligence

When I asked how information could be accessed from the MFP hard drives, she told me that the hard drives are "easily removable" from the machines. I then inquired about how this might place personal or corporate information at risk, and I was surprised by the response I received from her: "Internal MFP hard drives are definitely an issue, but what gets me the most is when people come in here from area businesses and photocopy and print dozens of copies of confidential and non-public materials and then just leave extra copies laying around. I am always picking up off the copy machines copies of presentations marked ‘confidential,' ‘do not distribute,' or ‘internal company information – not for external distribution,'" the employee told me.

She further told me: "And, it must be common knowledge that documents get left at a Kinko's, because there was a guy who came in here each week and collected presentations and extra copies left on the printers or scanners. After about the fourth or fifth day, I asked him what he was doing and he told me that he worked for [name omitted – the company is a competitor of a Fortune 500 company in the area]. He was hired as the company's competitive intelligence manager and one of the first places he goes to get his information is the Kinko's closest to the competitor's facility."

My jaw nearly dropped.

While I remain extremely concerned about the issue of security with digital copy machines, I am also concerned that companies are actually lurking at Kinko's shops for competitor information. So, let this be a lesson: not only are digital copy machines not secure, it appears that employees who lack common sense are making the local copy shop a source of competitive intelligence!

Investing in basic information security awareness training and in annual audits of your company's risk level for information loss can help prevent embarrassing incidents of personal customer data loss or confidential company document loss.

Now, the question is: How are you going to protect your data both in the online and offline world?


Data Protection Expert, Tim Rhodes has helped hundreds of companies just like yours protect their most valuable asset. Now, you can discover if you're doing everything you can to prevent information loss with Tim's Free Risk Assessment Quiz. Take the FREE QUIZ now at: http://www.webargos.com/quiz and see if your company is at risk!

Many more articles in The CIO Refresher in The CEO Refresher Archives

     
   
   


Copyright 2007 by Tim Rhodes. All rights reserved.

Current Issue - Archives - CEO Links - News - Conferences - Recommended Reading