Basic HTML Version
PRINT.IT
13
www.binfo.co.uk
a machine’s life-time, potentially
millions of such images could
be stored in this way and be
accessible to criminal activity
using technology readily
available on the internet.
“Many companies look
at their PCs, network and IT
equipment and are very quick
to put in additional security to
avoid viruses, malware and
so on. But many companies
don’t realise that when you
print, copy or scan, there’s a
ghost image on the MFP’s hard
drive, so if someone took the
hard drive out there would be
1,000s of documents held on it
that could be used fraudulently
or maliciously. On high end
machines doing 50,000 pages a
month, there could be millions.”
Typically, MFP manufacturers
advise customers to secure their
hard disks through encryption
and disk overwriting at end of
life. Even so, many organisations
turn off encryption because it is
deemed to be slow and neglect
to over-write for the same reason
– Toshiba estimates that less
than 10% of its customers over-
write data on MFP hard disks.
Others might consider the risk to
be so small that it is not worth
addressing.
Yet, as Mills points out, the
real question is not ‘How great
is the risk?’ but rather ‘Am I at
risk?’
“Any organisation that
holds or processes confidential
information has a responsibility
and a legal obligation to ensure
that that data remains secure
and that means protecting
it from any risk, not just the
most obvious one. Healthcare
providers, schools, local and
central government, financial
services providers and law firms
quite rightly spend a fortune
protecting their networks from
hackers and viruses. Yet, they
often stop there, leaving gaping
holes in their data protection
strategies.
“You see it all the time
with unsecured USB sticks,
smartphones and notebook
computers left on trains and
in the backs of taxis. We hear
about these instances, because
the lost items are usually found
For evidence of how easy it
is to retrieve information from
an MFP, Mills recommends a
year-old, five minute long CBS
report in which a reporter and
MFP security specialist acquire
three MFPs from a warehouse
and using software found on the
internet retrieve a treasure trove
of compromising material from
the hard disk, including medical
and police records. To view the
report visit www.cbsnews.com/
video/watch/?id=6412572n or
enter ‘CBS copier security’ in the
YouTube search box.
“This film is a great reminder
that MFPs have a life after they
leave a customer’s premises,”
says Mills. “The leasing company
will apply a residual value to the
MFPs and try to dispose of them
in a number of ways:
they might offer
them back to manufacturers
for parts; or sell them to the
second-hand market here in
the UK or overseas; or they may
be recycled according to WEEE
regulations. The important point
is that what happens to the
devices is out of the customer’s
hands, so it is essential to
make sure that no data can be
retrieved.”
By making self-encrypting
hard disks with Toshiba Wipe
technology a standard feature of
its new MFPs, Toshiba has taken
MFP security to new heights,
freeing customers from having to
buy additional security solutions,
such as instant overwriting or
data encryption that can involve
added expense and loss of
performance. In the field of MFP
security, Toshiba continues to
lead the pack.
www.toshiba.co.uk/imaging
by members of the public
who are more interested in
causing embarrassment to the
organisation involved rather
than doing anything illegal.
Clearly, MFPs are a special case,
because if data is harvested
from a device’s hard disk it is
done so deliberately with just
one purpose in mind. The only
reason the public isn’t more
aware of the problem is that
people don’t accidentally leave
MFPs in the backs of taxis. But
that doesn’t mean that the
problem doesn’t exist.”
It is also the case that
with penalties of as much
as £500,000 for failing to
protect customers’ personal
details, not to mention the bad
publicity such breaches incur,
no business is going to
admit to having lost data
in this way.
...if data is harvested from
a device’s hard disk it is
done so deliberately with
just one purpose in mind.