Almost all copiers and multi-function printers (MFPs) have hard drives. It would be rare to find one that doesn’t anymore. Even most printers have hard drives in them. In truth, these hard drives can be a huge benefit if used correctly. They help you to do business faster, allowing you to save workflows, email addresses and more within the device itself. If mismanaged, though, these hard drives can cause pain and even breach government regulations. So, what is actually stored on these hard drives and why should you care?
Copiers and MFPs are more like computers than you may give them credit for. I have a comparison here if you don’t believe me. Like computers, these devices have an operating system (OS) that makes them run. In the case of Lasers Resource – HP has FutureSmart and Xerox has ConnectKey. This OS data allows the device to run and controls the user interface (UI) and user experience (UX). With the rapidly expanding applications that work with copiers and MFPs, this is becoming increasingly important. The more apps that allow you to scan a document into Dropbox, the more the UI/UX will be enhanced. With smartphones sweeping the world, all manufacturers are trying to make their UI more like interacting with a screen.
Without the ever-evolving UI we would still be stuck with the interface of a single line of text, two arrows, and an okay and a clear button, which is not what we would expect or accept almost 20 years into the 21st century. That said, this was the golden age of print that delivered us classics like "PC Load Letter".
As I mentioned before, you can save address books for emails and fax numbers right on your copier or MFP. This is a huge time saver, being able to send directly to the end contact and not having to email yourself a file just to go to your computer to email it to them. It also helps because no one has a Rolodex or a physical address book in the office anymore (no offense to the few that still might. But, like, come on, guys).
Any additional software that you apply to the copier or MFP stores system data on the hard drive as well. There are a lot of different software solutions that work with imaging devices. Software can enhance faxing and user workflows, and it can enforce rules and policies, such as not letting a print job come out until a user enters a code.
With workflows becoming more complex, they have to be stored somewhere. How else will your copier know that this file has to go to Bridget in Accounting, Susan in HR, and be sent to three different document repositories? And that’s just one workflow! Most companies have several per department and even several per role or user in each department.
Common print jobs can be stored on a device. Let’s say your HR department has many different forms that work with on-boarding new employees. Those new employees need to complete these four forms for their personnel file. There could be a copier on the way to the room where the new employee completes these forms or in that room that holds these jobs. Then, the on-boarder can print them directly from the copier’s hard drive and you can make sure that these files don’t get corrupted or sent outside the organization by mistake by an employee.
What else is stored on the copier’s or MFP’s hard drive? Everything. No, really. Any print job, any fax, any copy, any scan (paper or otherwise - you know what I’m talking about, Holiday Party of 2004). This is where the pain comes. With all of your company’s secrets stored on a device most people don’t even know has a hard drive, you can never know what will happen with your data.
A local health care provider recently found this out the hard way when one of their employees gave an old fax machine to someone outside of the organization. This device had stored years’ worth of fax transmissions. If you work in medical, you know faxing is still the primary way of transferring patient files, accepting new patients and basically everything. This was a huge problem for the local health care provider since they had just breached HIPAA in a massive way.
“My device would never leave my company like that though, we have a managed print service (MPS) agreement and my printing partner takes all my devices away.” Well, MPS partners aren’t perfect, present author’s company excluded, and they make mistakes from time to time. What you should do is always get a certificate of destruction for each hard drive your MPS partner takes away. Many times, these old copiers go to a “graveyard” for pulling parts or are otherwise unsupervised with the hard drives still in them. Some shadier MPS providers will even wipe the device down with a rag and resell it as “slightly used” to make a quick buck. Now your company information could be anywhere, even in the hands of your competitors.
“What if my device never actually leaves my company, am I still at risk?” Well, let me put it to you this way – all that data is stored on a device that is normally not locked down and is always listening for any incoming transmissions. Copiers, MFPs and printers are a way that a lot of businesses get cyber attacked. “But the copier is behind my firewall!?” – Firewalls are important and can stop a vast majority of attacks, sure, but in no way should you rely on them to safeguard you completely. Locking down ports and additional security software can help keep your business and all its data protected.
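One way to check whether ports are actually locked down on a print fleet, as an added example (not from the original article): compare the services each device answers on against the ports your policy allows. The port list, the addresses (documentation range 192.0.2.0/24) and the sample probe are assumptions constructed for illustration.

```python
import socket

# Services commonly exposed by printers/MFPs (assumed list, not from the article).
PRINT_PORTS = {
    21: "FTP", 23: "Telnet", 80: "HTTP admin", 443: "HTTPS admin",
    515: "LPD", 631: "IPP", 9100: "raw print (JetDirect)",
}

def tcp_open(host, port, timeout=1.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def audit_device(host, allowed, probe=tcp_open, ports=PRINT_PORTS):
    """Return sorted (port, service) pairs that answer but are not allowed."""
    return sorted((p, name) for p, name in ports.items()
                  if p not in allowed and probe(host, p))

def audit_fleet(fleet, probe=tcp_open):
    """fleet maps host -> set of allowed ports; returns findings per host."""
    report = {}
    for host, allowed in fleet.items():
        extra = audit_device(host, allowed, probe)
        if extra:
            report[host] = extra
    return report

# Constructed sample: policy allows only HTTPS admin and IPP on each device.
SAMPLE_FLEET = {"192.0.2.10": {443, 631}, "192.0.2.11": {443, 631}}
# Constructed stand-in for the network so the example runs offline.
SAMPLE_LISTENING = {("192.0.2.10", 443), ("192.0.2.10", 631),
                    ("192.0.2.11", 443), ("192.0.2.11", 23),
                    ("192.0.2.11", 9100)}

def sample_probe(host, port):
    """Fake probe answering from SAMPLE_LISTENING instead of the network."""
    return (host, port) in SAMPLE_LISTENING

if __name__ == "__main__":
    for host, extra in audit_fleet(SAMPLE_FLEET, sample_probe).items():
        for port, name in extra:
            print(f"{host}: port {port} ({name}) is open but not in policy")
```

Against your own devices, call `audit_fleet` with the default `tcp_open` probe and your real inventory; any finding is a service to disable on the device or block at the network.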
“How do hackers even get to my copier?” I’m glad you asked! One example that is used too often is through your HR department. Larger businesses always have resumes flowing in, and no one thinks twice about receiving them in their inbox. These resumes are topped with hidden code that only triggers when it is read by the copier’s computer language. This avoids any virus detection software on the HR computer. Now the code turns on once it’s in your copier and opens a backdoor for the hacker to access your network. Since most people aren’t protecting their printing fleet, there is no way to detect what they are doing from the safety of your own network.
These codes from the example above can be incredibly smart. Hackers can email a gift certificate to a member of your custodial staff who then prints it, and now it’s in your printer. Knowing that custodians normally have no access to company information, it waits until a user with more access interacts with the printer. Code can be written that gets in through a gift certificate and causes a minor issue with the printer. The users call IT for support and they remote in, see nothing wrong with the printer and it magically starts working perfectly. IT and car mechanics have that power; it’s always broken until you bring it to them. But the printer is working perfectly because the malicious code went from the printer to the IT employee’s computer. Now it has access to everything that IT has access to, which is only everything in your network.
What Does This All Mean?
What have we covered so far?
- Your printers, copiers and/or MFPs most likely have a hard drive
- It stores operating system information and other data that helps the device run
- It stores records of your address books and the access addresses for your document repositories
- It stores every print job, fax, scan, email and whatever you do on the device
- Sometimes these hard drives and their data get sent out to the world and all your information goes along with it
- Hackers can access your information on your copier’s hard drive while it is still within your organization
Be aware of what information may be on your copier’s hard drive, scan it every once in a while and even wipe it if you can. Protect your copiers and MFPs with additional security settings and solutions if possible.
This all seems far-fetched and make-believe, but I really do wish I were making this all up. Don’t become my next example.