SlideShare a Scribd company logo

Secure Digital Copier Data

- Mark - Fullbright
- Mark - Fullbright

All product and company names mentioned herein are for identification and educational purposes only and are the property of, and may be trademarks of, their respective owners.

EducationTechnology
1 of 8
Download to read offline
Copier Data Security: A Guide for Businesses Federal Trade Commission | business.ftc.gov
Does your company keep sensitive data — Social Security numbers, credit reports, account numbers, health records, or business secrets? If so, then you’ve probably instituted safeguards to protect that information, whether it’s stored in computers or on paper. That’s not only good business, but may be required by law. According to the Federal Trade Commission (FTC), the nation’s consumer protection agency, your information security plans also should cover the digital copiers your company uses. If the data on your copiers gets into the wrong hands, it could lead to fraud and identity theft. Digital Copiers are Computers Commercial copiers have come a long way. Today’s generation of networked multifunction devices — known as “digital copiers” — are “smart” machines that are used to copy, print, scan, fax and email documents. Digital copiers require hard disk drives to manage incoming jobs and workloads, and to increase the speed of production. But not every copier on the market is digital: generally, copiers intended for business have hard drives, while copiers intended for personal or home office use do not. The hard drive in a digital copier stores data about the documents it copies, prints, scans, faxes or emails. If you don’t take steps to protect that data, it can be stolen from the hard drive, either by remote access or by extracting the data once the drive has been removed. Digital copiers store different types of information in different ways. For example, photocopied images are more difficult to access directly from the hard drive than documents that are faxed, scanned or printed on the copier. 1
The Life-Cycle of a Copier Copiers often are leased, returned, and then leased again or sold. It’s important to know how to secure data that may be retained on a copier hard drive, and what to do with a hard drive when you return a leased copier or dispose of one you own. It’s wise to build in data security for each stage of your digital copier’s life-cycle: when you plan to acquire a device, when you buy or lease, while you use it, and when you turn it in or dispose of it. Before you acquire a copier: Make sure it’s included in your organization’s information security policies. Copiers should be managed and maintained by your organization’s IT staff. Employees who have expertise and responsibility for securing your computers and servers also should have responsibility for securing data stored on your digital copiers. When you buy or lease a copier: Evaluate your options for securing the data on the device. Most manufacturers offer data security features with their copiers, either as standard equipment or as optional add-on kits. Typically, these features involve encryption and overwriting. Encryption is the scrambling of data using a secret code that can be read only by particular software. Digital copiers that offer encryption encode the data stored on the hard drive so that it cannot be retrieved even if the hard drive is removed from the machine. 2
Overwriting — also known as file wiping or shredding — changes the values of the bits on the disk that make up a file by overwriting existing data with random characters. By overwriting the disk space that the file occupied, its traces are removed, and the file can’t be reconstructed as easily. Depending on the copier, the overwriting feature may allow a user to overwrite after every job run, periodically to clean out the memory, or on a preset schedule. Users may be able to set the number of times data is overwritten — generally, the more times the data is overwritten, the safer it is from being retrieved. However, for speed and convenience, some printers let you save documents (for example, a personnel leave slip) and print them straight from the printer hard drive without having to retrieve the file from your computer. For copiers that offer this feature, the memory is not overwritten with the rest of the memory. Users should be aware that these documents are still available. Overwriting is different from deleting or reformatting. Deleting data or reformatting the hard drive doesn’t actually alter or remove the data, but rather alters how the hard drive finds the data and combines it to make files: The data remains and may be recovered through a variety of utility software programs. Yet another layer of security that can be added involves the ability to lock the hard drives using a passcode; this means that the data is protected, even if the drive is removed from the machine. Finally, think ahead to how you will dispose of the data that accumulates on the copier over time. Check that your lease contract or purchase agreement states that your company will retain ownership of all hard drives at end-of-life, or that the company providing the copier will overwrite the hard drive. 3
When you use the copier: Take advantage of all its security features. Securely overwrite the entire hard drive at least once a month. If your current device doesn’t have security features, think about how you will integrate the next device you lease or purchase into your information security plans. Plan now for how you will dispose of the copier securely. For example, you may want to consider placing a sticker or placard on the machine that says: “Warning: this copier uses a hard drive that must be physically destroyed before turn-in or disposal.” This will inform users of the security issues, and remind them of the appropriate procedures when the machine reaches the end of its usable life. In addition, your organization’s IT staff should make sure digital copiers connected to your network are securely integrated. Just like computers and servers that store sensitive information, networked copiers should be protected against outside intrusions and attacks. When you finish using the copier: Check with the manufacturer, dealer, or servicing company for options on securing the hard drive. The company may offer services that will remove the hard drive and return it to you, so you can keep it, dispose of it, or destroy it yourself. Others may overwrite the hard drive for you. Typically, these services involve an additional fee, though you may be able to negotiate for a lower cost if you are leasing or buying a new machine. One cautionary note about removing a hard drive from a digital copier on your own: hard drives in digital copiers often include required firmware that enables the device to operate. Removing 4
and destroying the hard drive without being able to replace the firmware can render the machine inoperable, which may present problems if you lease the device. Also, hard drives aren’t always easy to find, and some devices may have more than one. Generally, it is advisable to work with skilled technicians rather than to remove the hard drive on your own. For More Information To learn more about securing sensitive data, in general, read Protecting Personal Information: A Guide for Business at ftc.gov/infosecurity. The FTC works for the consumer to prevent fraudulent, deceptive, and unfair practices in the marketplace and to provide information to businesses to help them comply with the law. To file a complaint or to get free information on consumer issues, visit ftc.gov or call toll-free, 1-877-FTC-HELP (1-877-382-4357); TTY: 1-866-653-4261. Watch a new video, How to File a Complaint, at ftc.gov/video to learn more. The FTC enters consumer complaints into the Consumer Sentinel Network, a secure online database and investigative tool used by hundreds of civil and criminal law enforcement agencies in the U.S. and abroad. Opportunity to Comment The National Small Business Ombudsman and 10 Regional Fairness Boards collect comments from small businesses about federal compliance and enforcement activities. Each year, the Ombudsman evaluates the conduct of these activities and rates each agency’s responsiveness to small businesses. Small businesses can comment to the Ombudsman without fear of reprisal. To comment, call toll-free 1-888-REGFAIR (1-888-734-3247) or go to sba.gov/ombudsman. 5
Protecting Sensitive Information: Your Legal Responsibility The FTC’s standard for information security recognizes that businesses have a variety of needs and emphasizes flexibility: Companies must maintain reasonable procedures to protect sensitive information. Whether your security practices are reasonable depends on the nature and size of your business, the types of information you have, the security tools available to you based on your resources, and the risks you are likely to face. Depending on the information your business stores, transmits, or receives, you also may have more specific compliance obligations. For example, if you receive consumer information, like credit reports or employee background screens, you may be required to follow the Disposal Rule, which requires a company to properly dispose of any such information stored on its digital copier, just as it would properly dispose of paper information or information stored on computers. Similarly, financial institutions may be required to follow the Gramm-Leach-Bliley Safeguards Rule, which requires a security plan to protect the confidentiality and integrity of personal consumer information, including information stored on digital copiers. business.ftc.gov November 2010

Recommended

bus43-copier-data-security
bus43-copier-data-securitybus43-copier-data-security
bus43-copier-data-securityEd Worthington
 
Remote Data Backup Protection
Remote Data Backup ProtectionRemote Data Backup Protection
Remote Data Backup ProtectionCrystaLink Inc.
 
Bring your own device guidance
Bring your own device guidanceBring your own device guidance
Bring your own device guidanceGary Chambers
 
Backup & Disaster Recovery for Business Owners & Directors
Backup & Disaster Recovery for Business Owners & DirectorsBackup & Disaster Recovery for Business Owners & Directors
Backup & Disaster Recovery for Business Owners & DirectorsLucy Denver
 
Disaster recovery enw
Disaster recovery enwDisaster recovery enw
Disaster recovery enwJoseph Manzelli Jr
 
Protecting Data Privacy Beyond the Trusted System of Record
Protecting Data Privacy Beyond the Trusted System of RecordProtecting Data Privacy Beyond the Trusted System of Record
Protecting Data Privacy Beyond the Trusted System of RecordCor Ranzijn
 
Enterprise Content Management
Enterprise Content ManagementEnterprise Content Management
Enterprise Content Managementchadstigall
 
ICT HRM Internet MIS
ICT HRM Internet MISICT HRM Internet MIS
ICT HRM Internet MISSayeef Khan
 

Recommended

bus43-copier-data-security
bus43-copier-data-securitybus43-copier-data-security
bus43-copier-data-securityEd Worthington
 
Remote Data Backup Protection
Remote Data Backup ProtectionRemote Data Backup Protection
Remote Data Backup ProtectionCrystaLink Inc.
 
Bring your own device guidance
Bring your own device guidanceBring your own device guidance
Bring your own device guidanceGary Chambers
 
Backup & Disaster Recovery for Business Owners & Directors
Backup & Disaster Recovery for Business Owners & DirectorsBackup & Disaster Recovery for Business Owners & Directors
Backup & Disaster Recovery for Business Owners & DirectorsLucy Denver
 
Disaster recovery enw
Disaster recovery enwDisaster recovery enw
Disaster recovery enwJoseph Manzelli Jr
 
Protecting Data Privacy Beyond the Trusted System of Record
Protecting Data Privacy Beyond the Trusted System of RecordProtecting Data Privacy Beyond the Trusted System of Record
Protecting Data Privacy Beyond the Trusted System of RecordCor Ranzijn
 
Enterprise Content Management
Enterprise Content ManagementEnterprise Content Management
Enterprise Content Managementchadstigall
 
ICT HRM Internet MIS
ICT HRM Internet MISICT HRM Internet MIS
ICT HRM Internet MISSayeef Khan
 
Insiders Guide- Full Business Value of Storage Assets
Insiders Guide- Full Business Value of Storage AssetsInsiders Guide- Full Business Value of Storage Assets
Insiders Guide- Full Business Value of Storage AssetsDataCore Software
 
Are Your PCs and Laptops Recovery and Discovery Ready?
Are Your PCs and Laptops Recovery and Discovery Ready?Are Your PCs and Laptops Recovery and Discovery Ready?
Are Your PCs and Laptops Recovery and Discovery Ready?Iron Mountain
 
The cost of downtime
The cost of downtimeThe cost of downtime
The cost of downtimeBillyHosking
 
Information Rights Management (IRM)
Information Rights Management (IRM)Information Rights Management (IRM)
Information Rights Management (IRM)Network Intelligence India
 
Data centers v1 0
Data centers v1 0Data centers v1 0
Data centers v1 0Kinshook Chaturvedi
 
Information Storage and Management notes ssmeena
Information Storage and Management notes ssmeena Information Storage and Management notes ssmeena
Information Storage and Management notes ssmeena ssmeena7
 
Cio data center definition and solutions
Cio data center definition and solutionsCio data center definition and solutions
Cio data center definition and solutionsrami20122
 
What if
What ifWhat if
What ifsc00777
 
Unit 5 v2
Unit 5 v2Unit 5 v2
Unit 5 v2ShubhraGoyal4
 
Gr 2 How Information System is Implemented into an Organization
Gr 2 How Information System is Implemented into an OrganizationGr 2 How Information System is Implemented into an Organization
Gr 2 How Information System is Implemented into an Organizationuniversity of education,Lahore
 
Top 10 Scams Targeting Seniors
Top 10 Scams Targeting SeniorsTop 10 Scams Targeting Seniors
Top 10 Scams Targeting Seniors- Mark - Fullbright
 
Building a Better Credit Report
Building a Better Credit ReportBuilding a Better Credit Report
Building a Better Credit Report- Mark - Fullbright
 
Child ID Theft Report 2012
Child ID Theft Report 2012Child ID Theft Report 2012
Child ID Theft Report 2012- Mark - Fullbright
 
European Cyber Crime Centre EC3
European Cyber Crime Centre EC3European Cyber Crime Centre EC3
European Cyber Crime Centre EC3- Mark - Fullbright
 
Division of Privacy and Identity Protection
Division of Privacy and Identity ProtectionDivision of Privacy and Identity Protection
Division of Privacy and Identity Protection- Mark - Fullbright
 
Information Compromise and the Risk of Identity Theft Guidance for your Business
Information Compromise and the Risk of Identity Theft Guidance for your BusinessInformation Compromise and the Risk of Identity Theft Guidance for your Business
Information Compromise and the Risk of Identity Theft Guidance for your Business- Mark - Fullbright
 
Identity Theft: What to do if it Happens to You
Identity Theft: What to do if it Happens to YouIdentity Theft: What to do if it Happens to You
Identity Theft: What to do if it Happens to You- Mark - Fullbright
 
Identity Theft:Trends and Issues
Identity Theft:Trends and IssuesIdentity Theft:Trends and Issues
Identity Theft:Trends and Issues- Mark - Fullbright
 
Identity Theft and You
Identity Theft and YouIdentity Theft and You
Identity Theft and You- Mark - Fullbright
 
The 2014 Data Breach Investigations Report
The 2014 Data Breach Investigations ReportThe 2014 Data Breach Investigations Report
The 2014 Data Breach Investigations Report- Mark - Fullbright
 
Canadian Retail Banking Survey 2013
Canadian Retail Banking Survey 2013Canadian Retail Banking Survey 2013
Canadian Retail Banking Survey 2013- Mark - Fullbright
 
Specialty Credit Reports
Specialty Credit ReportsSpecialty Credit Reports
Specialty Credit Reports- Mark - Fullbright
 

More Related Content

What's hot

Insiders Guide- Full Business Value of Storage Assets
Insiders Guide- Full Business Value of Storage AssetsInsiders Guide- Full Business Value of Storage Assets
Insiders Guide- Full Business Value of Storage AssetsDataCore Software
 
Are Your PCs and Laptops Recovery and Discovery Ready?
Are Your PCs and Laptops Recovery and Discovery Ready?Are Your PCs and Laptops Recovery and Discovery Ready?
Are Your PCs and Laptops Recovery and Discovery Ready?Iron Mountain
 
The cost of downtime
The cost of downtimeThe cost of downtime
The cost of downtimeBillyHosking
 
Information Storage and Management notes ssmeena
Information Storage and Management notes ssmeena Information Storage and Management notes ssmeena
Information Storage and Management notes ssmeena ssmeena7
 
Cio data center definition and solutions
Cio data center definition and solutionsCio data center definition and solutions
Cio data center definition and solutionsrami20122
 
Gr 2 How Information System is Implemented into an Organization
Gr 2 How Information System is Implemented into an OrganizationGr 2 How Information System is Implemented into an Organization
Gr 2 How Information System is Implemented into an Organizationuniversity of education,Lahore
 

What's hot (10)

Insiders Guide- Full Business Value of Storage Assets
Insiders Guide- Full Business Value of Storage AssetsInsiders Guide- Full Business Value of Storage Assets
Insiders Guide- Full Business Value of Storage Assets
 
Are Your PCs and Laptops Recovery and Discovery Ready?
Are Your PCs and Laptops Recovery and Discovery Ready?Are Your PCs and Laptops Recovery and Discovery Ready?
Are Your PCs and Laptops Recovery and Discovery Ready?
 
The cost of downtime
The cost of downtimeThe cost of downtime
The cost of downtime
 
Information Rights Management (IRM)
Information Rights Management (IRM)Information Rights Management (IRM)
Information Rights Management (IRM)
 
Data centers v1 0
Data centers v1 0Data centers v1 0
Data centers v1 0
 
Information Storage and Management notes ssmeena
Information Storage and Management notes ssmeena Information Storage and Management notes ssmeena
Information Storage and Management notes ssmeena
 
Cio data center definition and solutions
Cio data center definition and solutionsCio data center definition and solutions
Cio data center definition and solutions
 
What if
What ifWhat if
What if
 
Unit 5 v2
Unit 5 v2Unit 5 v2
Unit 5 v2
 
Gr 2 How Information System is Implemented into an Organization
Gr 2 How Information System is Implemented into an OrganizationGr 2 How Information System is Implemented into an Organization
Gr 2 How Information System is Implemented into an Organization
 

Viewers also liked

Division of Privacy and Identity Protection
Division of Privacy and Identity ProtectionDivision of Privacy and Identity Protection
Division of Privacy and Identity Protection- Mark - Fullbright
 
Information Compromise and the Risk of Identity Theft Guidance for your Business
Information Compromise and the Risk of Identity Theft Guidance for your BusinessInformation Compromise and the Risk of Identity Theft Guidance for your Business
Information Compromise and the Risk of Identity Theft Guidance for your Business- Mark - Fullbright
 
Identity Theft: What to do if it Happens to You
Identity Theft: What to do if it Happens to YouIdentity Theft: What to do if it Happens to You
Identity Theft: What to do if it Happens to You- Mark - Fullbright
 
Identity Theft:Trends and Issues
Identity Theft:Trends and IssuesIdentity Theft:Trends and Issues
Identity Theft:Trends and Issues- Mark - Fullbright
 
The 2014 Data Breach Investigations Report
The 2014 Data Breach Investigations ReportThe 2014 Data Breach Investigations Report
The 2014 Data Breach Investigations Report- Mark - Fullbright
 
Canadian Retail Banking Survey 2013
Canadian Retail Banking Survey 2013Canadian Retail Banking Survey 2013
Canadian Retail Banking Survey 2013- Mark - Fullbright
 
Payment Card Industry Data Security Standard (PCI DSS) 3.0
Payment Card Industry Data Security Standard (PCI DSS) 3.0Payment Card Industry Data Security Standard (PCI DSS) 3.0
Payment Card Industry Data Security Standard (PCI DSS) 3.0- Mark - Fullbright
 

Viewers also liked (14)

Top 10 Scams Targeting Seniors
Top 10 Scams Targeting SeniorsTop 10 Scams Targeting Seniors
Top 10 Scams Targeting Seniors
 
Building a Better Credit Report
Building a Better Credit ReportBuilding a Better Credit Report
Building a Better Credit Report
 
Child ID Theft Report 2012
Child ID Theft Report 2012Child ID Theft Report 2012
Child ID Theft Report 2012
 
European Cyber Crime Centre EC3
European Cyber Crime Centre EC3European Cyber Crime Centre EC3
European Cyber Crime Centre EC3
 
Division of Privacy and Identity Protection
Division of Privacy and Identity ProtectionDivision of Privacy and Identity Protection
Division of Privacy and Identity Protection
 
Information Compromise and the Risk of Identity Theft Guidance for your Business
Information Compromise and the Risk of Identity Theft Guidance for your BusinessInformation Compromise and the Risk of Identity Theft Guidance for your Business
Information Compromise and the Risk of Identity Theft Guidance for your Business
 
Identity Theft: What to do if it Happens to You
Identity Theft: What to do if it Happens to YouIdentity Theft: What to do if it Happens to You
Identity Theft: What to do if it Happens to You
 
Identity Theft:Trends and Issues
Identity Theft:Trends and IssuesIdentity Theft:Trends and Issues
Identity Theft:Trends and Issues
 
Identity Theft and You
Identity Theft and YouIdentity Theft and You
Identity Theft and You
 
The 2014 Data Breach Investigations Report
The 2014 Data Breach Investigations ReportThe 2014 Data Breach Investigations Report
The 2014 Data Breach Investigations Report
 
Canadian Retail Banking Survey 2013
Canadian Retail Banking Survey 2013Canadian Retail Banking Survey 2013
Canadian Retail Banking Survey 2013
 
Specialty Credit Reports
Specialty Credit ReportsSpecialty Credit Reports
Specialty Credit Reports
 
Payment Card Industry Data Security Standard (PCI DSS) 3.0
Payment Card Industry Data Security Standard (PCI DSS) 3.0Payment Card Industry Data Security Standard (PCI DSS) 3.0
Payment Card Industry Data Security Standard (PCI DSS) 3.0
 
Email Security Overview
Email Security OverviewEmail Security Overview
Email Security Overview
 

Similar to Secure Digital Copier Data

Computrace Laptop Security Solutions
Computrace Laptop Security SolutionsComputrace Laptop Security Solutions
Computrace Laptop Security Solutionsabe8512000
 
NCSC_A5_Small_Business_Guide_v4_OCT20.pdf
NCSC_A5_Small_Business_Guide_v4_OCT20.pdfNCSC_A5_Small_Business_Guide_v4_OCT20.pdf
NCSC_A5_Small_Business_Guide_v4_OCT20.pdfPolicypros.co.uk
 
Cyber Security and GDPR Made Easy
Cyber Security and GDPR Made EasyCyber Security and GDPR Made Easy
Cyber Security and GDPR Made EasyChristoanSmit
 
FCC Guidelines on Cyber Security
FCC Guidelines on Cyber SecurityFCC Guidelines on Cyber Security
FCC Guidelines on Cyber SecurityMeg Weber
 
3e - Security Of Data
3e - Security Of Data3e - Security Of Data
3e - Security Of DataMISY
 
MFP Hard Drive Security
MFP Hard Drive SecurityMFP Hard Drive Security
MFP Hard Drive SecurityDianaElarde
 
Data in the Wild: Survival Guide
Data in the Wild: Survival GuideData in the Wild: Survival Guide
Data in the Wild: Survival GuideDruva
 
Institute for the entrepreneur v1r3
Institute for the entrepreneur v1r3Institute for the entrepreneur v1r3
Institute for the entrepreneur v1r3Dawn Simpson
 
Capabilities of Computing Technology
Capabilities of Computing TechnologyCapabilities of Computing Technology
Capabilities of Computing TechnologyBimpe Animashaun
 
Chapter 10, part 1
Chapter 10, part 1Chapter 10, part 1
Chapter 10, part 1misecho
 
Ten Commandments of BYOD
Ten Commandments of BYODTen Commandments of BYOD
Ten Commandments of BYODK Singh
 
Data Backup and Recovery.pdf
Data Backup and Recovery.pdfData Backup and Recovery.pdf
Data Backup and Recovery.pdfAshraf Hossain
 
Gain Visibility & Control of IT Assets in a Perimeterless World
Gain Visibility & Control of IT Assets in a Perimeterless WorldGain Visibility & Control of IT Assets in a Perimeterless World
Gain Visibility & Control of IT Assets in a Perimeterless WorldQualys
 
Cloud backup-for-endpoint-devices
Cloud backup-for-endpoint-devicesCloud backup-for-endpoint-devices
Cloud backup-for-endpoint-devicesIcomm Technologies
 

Similar to Secure Digital Copier Data (20)

Computrace Laptop Security Solutions
Computrace Laptop Security SolutionsComputrace Laptop Security Solutions
Computrace Laptop Security Solutions
 
Small Business Owners.pdf
Small Business Owners.pdfSmall Business Owners.pdf
Small Business Owners.pdf
 
NCSC_A5_Small_Business_Guide_v4_OCT20.pdf
NCSC_A5_Small_Business_Guide_v4_OCT20.pdfNCSC_A5_Small_Business_Guide_v4_OCT20.pdf
NCSC_A5_Small_Business_Guide_v4_OCT20.pdf
 
Cyber Security and GDPR Made Easy
Cyber Security and GDPR Made EasyCyber Security and GDPR Made Easy
Cyber Security and GDPR Made Easy
 
FCC Guidelines on Cyber Security
FCC Guidelines on Cyber SecurityFCC Guidelines on Cyber Security
FCC Guidelines on Cyber Security
 
3e - Security Of Data
3e - Security Of Data3e - Security Of Data
3e - Security Of Data
 
Mis
MisMis
Mis
 
MFP Hard Drive Security
MFP Hard Drive SecurityMFP Hard Drive Security
MFP Hard Drive Security
 
Data in the Wild: Survival Guide
Data in the Wild: Survival GuideData in the Wild: Survival Guide
Data in the Wild: Survival Guide
 
Institute for the entrepreneur v1r3
Institute for the entrepreneur v1r3Institute for the entrepreneur v1r3
Institute for the entrepreneur v1r3
 
Capabilities of Computing Technology
Capabilities of Computing TechnologyCapabilities of Computing Technology
Capabilities of Computing Technology
 
Topic 7
Topic 7Topic 7
Topic 7
 
recupero dati
recupero datirecupero dati
recupero dati
 
The Insider Threats - Are You at Risk?
The Insider Threats - Are You at Risk?The Insider Threats - Are You at Risk?
The Insider Threats - Are You at Risk?
 
Mis
MisMis
Mis
 
Chapter 10, part 1
Chapter 10, part 1Chapter 10, part 1
Chapter 10, part 1
 
Ten Commandments of BYOD
Ten Commandments of BYODTen Commandments of BYOD
Ten Commandments of BYOD
 
Data Backup and Recovery.pdf
Data Backup and Recovery.pdfData Backup and Recovery.pdf
Data Backup and Recovery.pdf
 
Gain Visibility & Control of IT Assets in a Perimeterless World
Gain Visibility & Control of IT Assets in a Perimeterless WorldGain Visibility & Control of IT Assets in a Perimeterless World
Gain Visibility & Control of IT Assets in a Perimeterless World
 
Cloud backup-for-endpoint-devices
Cloud backup-for-endpoint-devicesCloud backup-for-endpoint-devices
Cloud backup-for-endpoint-devices
 

More from - Mark - Fullbright

ISTR Internet Security Threat Report 2019
ISTR Internet Security Threat Report 2019ISTR Internet Security Threat Report 2019
ISTR Internet Security Threat Report 2019- Mark - Fullbright
 
2020 Data Breach Investigations Report (DBIR)
2020 Data Breach Investigations Report (DBIR)2020 Data Breach Investigations Report (DBIR)
2020 Data Breach Investigations Report (DBIR)- Mark - Fullbright
 
Consumer Sentinel Network Data Book 2019
Consumer Sentinel Network Data Book 2019Consumer Sentinel Network Data Book 2019
Consumer Sentinel Network Data Book 2019- Mark - Fullbright
 
CFPB Consumer Reporting Companies 2019
CFPB Consumer Reporting Companies 2019CFPB Consumer Reporting Companies 2019
CFPB Consumer Reporting Companies 2019- Mark - Fullbright
 
Advisory to Financial Institutions on Illicit Financial Schemes and Methods R...
Advisory to Financial Institutions on Illicit Financial Schemes and Methods R...Advisory to Financial Institutions on Illicit Financial Schemes and Methods R...
Advisory to Financial Institutions on Illicit Financial Schemes and Methods R...- Mark - Fullbright
 
2019 Data Breach Investigations Report (DBIR)
2019 Data Breach Investigations Report (DBIR)2019 Data Breach Investigations Report (DBIR)
2019 Data Breach Investigations Report (DBIR)- Mark - Fullbright
 
2018 Privacy & Data Security Report
2018 Privacy & Data Security Report2018 Privacy & Data Security Report
2018 Privacy & Data Security Report- Mark - Fullbright
 
Consumer Sentinel Network Data Book 2018
Consumer Sentinel Network Data Book 2018 Consumer Sentinel Network Data Book 2018
Consumer Sentinel Network Data Book 2018 - Mark - Fullbright
 
The Geography of Medical Identity Theft
The Geography of Medical Identity TheftThe Geography of Medical Identity Theft
The Geography of Medical Identity Theft- Mark - Fullbright
 
Consumer Sentinel Data Book 2017
Consumer Sentinel Data Book 2017Consumer Sentinel Data Book 2017
Consumer Sentinel Data Book 2017- Mark - Fullbright
 
Protecting Personal Information: A Guide for Business
Protecting Personal Information: A Guide for BusinessProtecting Personal Information: A Guide for Business
Protecting Personal Information: A Guide for Business- Mark - Fullbright
 
Data Breach Response: A Guide for Business
Data Breach Response: A Guide for BusinessData Breach Response: A Guide for Business
Data Breach Response: A Guide for Business- Mark - Fullbright
 
2017 Data Breach Investigations Report
2017 Data Breach Investigations Report2017 Data Breach Investigations Report
2017 Data Breach Investigations Report- Mark - Fullbright
 
Consumer Sentinel Network Data Book for January 2016 - December 2016
Consumer Sentinel Network Data Book for January 2016 - December 2016Consumer Sentinel Network Data Book for January 2016 - December 2016
Consumer Sentinel Network Data Book for January 2016 - December 2016- Mark - Fullbright
 
Consumer Sentinel Data Book 2015
Consumer Sentinel Data Book 2015Consumer Sentinel Data Book 2015
Consumer Sentinel Data Book 2015- Mark - Fullbright
 

More from - Mark - Fullbright (20)

ISTR Internet Security Threat Report 2019
ISTR Internet Security Threat Report 2019ISTR Internet Security Threat Report 2019
ISTR Internet Security Threat Report 2019
 
IC3 2019 Internet Crime Report
IC3 2019 Internet Crime ReportIC3 2019 Internet Crime Report
IC3 2019 Internet Crime Report
 
Police, Protesters, Press, 2020
Police, Protesters, Press, 2020Police, Protesters, Press, 2020
Police, Protesters, Press, 2020
 
2020 Data Breach Investigations Report (DBIR)
2020 Data Breach Investigations Report (DBIR)2020 Data Breach Investigations Report (DBIR)
2020 Data Breach Investigations Report (DBIR)
 
FCPA Guidance 2020
FCPA Guidance 2020FCPA Guidance 2020
FCPA Guidance 2020
 
Consumer Sentinel Network Data Book 2019
Consumer Sentinel Network Data Book 2019Consumer Sentinel Network Data Book 2019
Consumer Sentinel Network Data Book 2019
 
CFPB Consumer Reporting Companies 2019
CFPB Consumer Reporting Companies 2019CFPB Consumer Reporting Companies 2019
CFPB Consumer Reporting Companies 2019
 
Advisory to Financial Institutions on Illicit Financial Schemes and Methods R...
Advisory to Financial Institutions on Illicit Financial Schemes and Methods R...Advisory to Financial Institutions on Illicit Financial Schemes and Methods R...
Advisory to Financial Institutions on Illicit Financial Schemes and Methods R...
 
2018 IC3 Report
2018 IC3 Report2018 IC3 Report
2018 IC3 Report
 
2019 Data Breach Investigations Report (DBIR)
2019 Data Breach Investigations Report (DBIR)2019 Data Breach Investigations Report (DBIR)
2019 Data Breach Investigations Report (DBIR)
 
2018 Privacy & Data Security Report
2018 Privacy & Data Security Report2018 Privacy & Data Security Report
2018 Privacy & Data Security Report
 
Consumer Sentinel Network Data Book 2018
Consumer Sentinel Network Data Book 2018 Consumer Sentinel Network Data Book 2018
Consumer Sentinel Network Data Book 2018
 
Credit Score Explainer
Credit Score ExplainerCredit Score Explainer
Credit Score Explainer
 
The Geography of Medical Identity Theft
The Geography of Medical Identity TheftThe Geography of Medical Identity Theft
The Geography of Medical Identity Theft
 
Consumer Sentinel Data Book 2017
Consumer Sentinel Data Book 2017Consumer Sentinel Data Book 2017
Consumer Sentinel Data Book 2017
 
Protecting Personal Information: A Guide for Business
Protecting Personal Information: A Guide for BusinessProtecting Personal Information: A Guide for Business
Protecting Personal Information: A Guide for Business
 
Data Breach Response: A Guide for Business
Data Breach Response: A Guide for BusinessData Breach Response: A Guide for Business
Data Breach Response: A Guide for Business
 
2017 Data Breach Investigations Report
2017 Data Breach Investigations Report2017 Data Breach Investigations Report
2017 Data Breach Investigations Report
 
Consumer Sentinel Network Data Book for January 2016 - December 2016
Consumer Sentinel Network Data Book for January 2016 - December 2016Consumer Sentinel Network Data Book for January 2016 - December 2016
Consumer Sentinel Network Data Book for January 2016 - December 2016
 
Consumer Sentinel Data Book 2015
Consumer Sentinel Data Book 2015Consumer Sentinel Data Book 2015
Consumer Sentinel Data Book 2015
 

Recently uploaded

Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Krashi Coaching
 
PSYCHIATRIC History collection FORMAT.pptx
PSYCHIATRIC History collection FORMAT.pptxPSYCHIATRIC History collection FORMAT.pptx
PSYCHIATRIC History collection FORMAT.pptxPoojaSen20
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfchloefrazer622
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docxPoojaSen20
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon AUnboundStockton
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsanshu789521
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdfssuser54595a
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Celine George
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxGaneshChakor2
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfsanyamsingh5019
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 

Recently uploaded (20)

Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
PSYCHIATRIC History collection FORMAT.pptx
PSYCHIATRIC History collection FORMAT.pptxPSYCHIATRIC History collection FORMAT.pptx
PSYCHIATRIC History collection FORMAT.pptx
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdf
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docx
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha elections
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
Staff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSDStaff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSD
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 

Secure Digital Copier Data

  • 1. Copier Data Security: A Guide for Businesses Federal Trade Commission | business.ftc.gov
  • 2.
  • 3. Does your company keep sensitive data — Social Security numbers, credit reports, account numbers, health records, or business secrets? If so, then you’ve probably instituted safeguards to protect that information, whether it’s stored in computers or on paper. That’s not only good business, but may be required by law. According to the Federal Trade Commission (FTC), the nation’s consumer protection agency, your information security plans also should cover the digital copiers your company uses. If the data on your copiers gets into the wrong hands, it could lead to fraud and identity theft. Digital Copiers are Computers Commercial copiers have come a long way. Today’s generation of networked multifunction devices — known as “digital copiers” — are “smart” machines that are used to copy, print, scan, fax and email documents. Digital copiers require hard disk drives to manage incoming jobs and workloads, and to increase the speed of production. But not every copier on the market is digital: generally, copiers intended for business have hard drives, while copiers intended for personal or home office use do not. The hard drive in a digital copier stores data about the documents it copies, prints, scans, faxes or emails. If you don’t take steps to protect that data, it can be stolen from the hard drive, either by remote access or by extracting the data once the drive has been removed. Digital copiers store different types of information in different ways. For example, photocopied images are more difficult to access directly from the hard drive than documents that are faxed, scanned or printed on the copier. 1
  • 4. The Life-Cycle of a Copier Copiers often are leased, returned, and then leased again or sold. It’s important to know how to secure data that may be retained on a copier hard drive, and what to do with a hard drive when you return a leased copier or dispose of one you own. It’s wise to build in data security for each stage of your digital copier’s life-cycle: when you plan to acquire a device, when you buy or lease, while you use it, and when you turn it in or dispose of it. Before you acquire a copier: Make sure it’s included in your organization’s information security policies. Copiers should be managed and maintained by your organization’s IT staff. Employees who have expertise and responsibility for securing your computers and servers also should have responsibility for securing data stored on your digital copiers. When you buy or lease a copier: Evaluate your options for securing the data on the device. Most manufacturers offer data security features with their copiers, either as standard equipment or as optional add-on kits. Typically, these features involve encryption and overwriting. Encryption is the scrambling of data using a secret code that can be read only by particular software. Digital copiers that offer encryption encode the data stored on the hard drive so that it cannot be retrieved even if the hard drive is removed from the machine. 2
  • 5. Overwriting — also known as file wiping or shredding — changes the values of the bits on the disk that make up a file by overwriting existing data with random characters. By overwriting the disk space that the file occupied, its traces are removed, and the file can’t be reconstructed as easily. Depending on the copier, the overwriting feature may allow a user to overwrite after every job run, periodically to clean out the memory, or on a preset schedule. Users may be able to set the number of times data is overwritten — generally, the more times the data is overwritten, the safer it is from being retrieved. However, for speed and convenience, some printers let you save documents (for example, a personnel leave slip) and print them straight from the printer hard drive without having to retrieve the file from your computer. For copiers that offer this feature, the memory is not overwritten with the rest of the memory. Users should be aware that these documents are still available. Overwriting is different from deleting or reformatting. Deleting data or reformatting the hard drive doesn’t actually alter or remove the data, but rather alters how the hard drive finds the data and combines it to make files: The data remains and may be recovered through a variety of utility software programs. Yet another layer of security that can be added involves the ability to lock the hard drives using a passcode; this means that the data is protected, even if the drive is removed from the machine. Finally, think ahead to how you will dispose of the data that accumulates on the copier over time. Check that your lease contract or purchase agreement states that your company will retain ownership of all hard drives at end-of-life, or that the company providing the copier will overwrite the hard drive. 3
  • 6. When you use the copier: Take advantage of all its security features. Securely overwrite the entire hard drive at least once a month. If your current device doesn’t have security features, think about how you will integrate the next device you lease or purchase into your information security plans. Plan now for how you will dispose of the copier securely. For example, you may want to consider placing a sticker or placard on the machine that says: “Warning: this copier uses a hard drive that must be physically destroyed before turn-in or disposal.” This will inform users of the security issues, and remind them of the appropriate procedures when the machine reaches the end of its usable life. In addition, your organization’s IT staff should make sure digital copiers connected to your network are securely integrated. Just like computers and servers that store sensitive information, networked copiers should be protected against outside intrusions and attacks. When you finish using the copier: Check with the manufacturer, dealer, or servicing company for options on securing the hard drive. The company may offer services that will remove the hard drive and return it to you, so you can keep it, dispose of it, or destroy it yourself. Others may overwrite the hard drive for you. Typically, these services involve an additional fee, though you may be able to negotiate for a lower cost if you are leasing or buying a new machine. One cautionary note about removing a hard drive from a digital copier on your own: hard drives in digital copiers often include required firmware that enables the device to operate. Removing 4
  • 7. and destroying the hard drive without being able to replace the firmware can render the machine inoperable, which may present problems if you lease the device. Also, hard drives aren’t always easy to find, and some devices may have more than one. Generally, it is advisable to work with skilled technicians rather than to remove the hard drive on your own. For More Information To learn more about securing sensitive data, in general, read Protecting Personal Information: A Guide for Business at ftc.gov/infosecurity. The FTC works for the consumer to prevent fraudulent, deceptive, and unfair practices in the marketplace and to provide information to businesses to help them comply with the law. To file a complaint or to get free information on consumer issues, visit ftc.gov or call toll-free, 1-877-FTC-HELP (1-877-382-4357); TTY: 1-866-653-4261. Watch a new video, How to File a Complaint, at ftc.gov/video to learn more. The FTC enters consumer complaints into the Consumer Sentinel Network, a secure online database and investigative tool used by hundreds of civil and criminal law enforcement agencies in the U.S. and abroad. Opportunity to Comment The National Small Business Ombudsman and 10 Regional Fairness Boards collect comments from small businesses about federal compliance and enforcement activities. Each year, the Ombudsman evaluates the conduct of these activities and rates each agency’s responsiveness to small businesses. Small businesses can comment to the Ombudsman without fear of reprisal. To comment, call toll-free 1-888-REGFAIR (1-888-734-3247) or go to sba.gov/ombudsman. 5
  • 8. Protecting Sensitive Information: Your Legal Responsibility The FTC’s standard for information security recognizes that businesses have a variety of needs and emphasizes flexibility: Companies must maintain reasonable procedures to protect sensitive information. Whether your security practices are reasonable depends on the nature and size of your business, the types of information you have, the security tools available to you based on your resources, and the risks you are likely to face. Depending on the information your business stores, transmits, or receives, you also may have more specific compliance obligations. For example, if you receive consumer information, like credit reports or employee background screens, you may be required to follow the Disposal Rule, which requires a company to properly dispose of any such information stored on its digital copier, just as it would properly dispose of paper information or information stored on computers. Similarly, financial institutions may be required to follow the Gramm-Leach-Bliley Safeguards Rule, which requires a security plan to protect the confidentiality and integrity of personal consumer information, including information stored on digital copiers. business.ftc.gov November 2010