Most enterprise-level printers have a built-in hard drive that can store information in the same way your smartphone or your computer does. If you’re a business that has ever printed private or sensitive information (as most do at one time or another), then that information still resides on the printer’s har drive. And just like on your smartphone and computer, if hackers or other cybercriminals think that they can gain access to that information, they will try.
There are numerous ways for them to get at that information while the printer is connected to your network. But the easiest manner to get at that information is to wait until the printer is no longer in your hands. Perhaps it has been sold, returned, given away or donated.
So, what should you do to protect your business before parting ways with the printer?
Begin by checking with the manufacturer, dealer, or servicing company you work with for options on securing the hard drive. Some companies may offer services that will remove the hard drive and let you keep it so that you can dispose of it or destroy it yourself.
Some services may be able to overwrite the hard drive for you. Overwriting is not the same as reformatting or deleting the data on a hard drive. Deleting data or reformatting the hard drive does not actually alter or remove the data. Instead, it alters how the hard drive accesses the data and combines it to make archived files. The data will remain on the hard drive and may be recovered through a variety of utility software programs. Overwriting is the process of replacing old information with new information.
If you are leasing or buying a new machine, make sure you ask the dealer about data security during the purchase or leasing process.
You could also attempt to remove the hard drive yourself. However, hard drives in digital printers often include required firmware that enables the device to operate. Removing and destroying the hard drive without being able to replace the firmware can render the machine inoperable, which will present problems if you lease the device or if you plan on reselling it. Also, printer hard drives are not as typically accessible as a computer hard drive is. Without the requisite knowledge, you could do far more damage than you realize.
Your Legal Responsibility for Protecting Sensitive Information
The FTC’s standard for information security mandates that companies must maintain reasonable procedures to protect sensitive information. The degree to which these procedures must be met depends on the nature and size of your business, the types of information you have, the security tools available to you based on your resources, and the risks you are likely to face.
The information your business stores, transmits, or receives may have more specific compliance obligations. For example, if you maintain consumer information, such as credit reports or employee background screens, you may be required to follow the Disposal Rule, which requires a company to properly dispose of any such information stored on its digital copier, just as it would properly dispose of paper information or information stored on computers.
Similarly, financial institutions may be required to follow the Gramm-Leach-Bliley Safeguards Rule, which requires a security plan to protect the confidentiality and integrity of personal consumer information, including information stored on digital copiers.