Thanks, Patrick, for sharing your knowledge.
I, too, have been looking into this issue. The recent AIIM show in Philadelphia was paired with the OnDemand show which included most manufacturers of MFDs. I inquired at several booths (including Canon, HP, and Minolta-Konica) and found no one with definitive information on the default settings for hard drive security. However, at each booth I was referred to the manufacturer's Webpage for white papers on the subject.
Back at the office, I actually found helpful white papers for brands I need to address.
In general, default settings from the factory seem relatively secure, but it also seems prudent to know the risks and either accept them or take action to reduce them.
Also, the precaution concerning public MFDs is noteworthy. "A word to the wise is sufficient."
Gordon E.J. Hoke, CRM
>From: Patrick Cunningham <[log in to unmask]>
>Sent: May 12, 2010 10:48 AM
>To: [log in to unmask]
>Subject: Re: Your Copier/MFD as a potential records/info security risk
>Before everyone goes running off screaming at the people who procure MFDs, take a breath.
>This is a hugely hot topic right now, which means a lot of this is going to be media hype and there will be opportunists who claim to save the world. The CBS report does contain a lot of accurate factual data and this should be a concern -- in fact, it has been a concern of mine for a number of years. What I have found is that the newer generation of MFDs are better able to protect the data stored on board the device, without much intervention. Many of these devices have built in algorithms that only allow the images to be extracted when the drive is connected to the hardware where the image was created (i.e. if you remove the drive, the images cannot be rendered). Other devices will automatically wipe the space where the data was stored, once the device has completed the task associated with the data. It is important to get all the facts concerning any device that is potentially storing images or data. And while you are addressing this issue, it's also
> a good time to verify that your organization's used computers (and broken computer hard drives) are also being properly secured when disposed of.
>In most cases, the MFD manufacturer can set up the device to delete and wipe the data (when I use the term "wipe", I mean that the data has been overwritten several times by ones and zeros or random strings of ones and zeros, not simply "deleted" or "erased") very quickly. In some cases, there is an additional expense for setting this up (a reason why many companies don't implement the safeguard). The typical set up for the MFD is "first in, first out". When the hard drive reaches capacity, the oldest data will be deleted. Depending upon the size of the hard drive, this can still represent a considerable amount of data.
>So there are two action items for those of you interested in this topic:
>1) Check with your Contracts or Procurement people to ensure that the service contracts for these devices require the servicing organization to completely wipe (or physically destroy) any hard drive removed from your premises (whether or not it is still in the device).
>2) Ask the person responsible for the devices to have the security settings on the devices reviewed. Have them set to wipe the data as soon as the data has been fully processed by the machine -- or within a brief period of time (48 to 72 hours) if the data has not been processed (i.e. a print job is held in a "mailbox" for printing).
>There are other security measures that can be put in place, ranging from removable hard drives (so they can be locked in a safe at night) to keycard enablement of printing or other functions (ties a job to a user and allows stored data to only be delivered when the user is standing at the machine).
>Another consideration is to think about what you have printed on public machines -- those copiers / MFDs in public libraries, at hotels, or at a retail printing establishment (like a Kinko's / FedEx Office). You have zero control over the disposition of those drives and in the case of a Kinko's (not to pick on them specifically), there are additional potential risks if you send a print job to them online.
>A final security consideration is really an issue for the people in your organization in Information Security. The typical MFD is a computer attached to your network. In many cases, this device can email information or access shared drives on your network. The device is generally not patched with regularity and it is often not equipped with antivirus protection or monitored in any meaningful way. Your Information Security team needs to consider MFDs to be computers attached to your network and treat them appropriately -- either ensuring that they are locked down or closely monitored and only given access rights that are absolutely necessary.
>If the MFD is not capable of wiping data or otherwise securing the data, someone will need to set a process in place to give consideration to replacing the device. Why? Beyond the potential for personal privacy and HIPPA problems (not to mention loss of intellectual property), I have now started to see discovery requests come in that request images off MFD hard drives. If nothing else gets your lawyers' attention, that will. Spoliation is a real possibility with MFDs if the device is literally not shut down upon notice, since the device will continue to store and delete data until the drive is removed or imaged. There is virtually no way to implement a legal hold of a MFD hard drive, short of physical removal of the drive.
> Patrick Cunningham, CRM, FAI
>[log in to unmask]
>"Perpetual optimism is a force multiplier."
>-- Colin Powell
>List archives at http://lists.ufl.edu/archives/recmgmt-l.html
>Contact [log in to unmask] for assistance
>To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
>mailto:[log in to unmask]
List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]