Hard drives within copiers must be securely destroyed
Shred-it, the leading on site document destruction company, is warning of the potential for data losses caused by the failure to securely destroy the hard drives held inside multi-function photocopiers.
Shred-it explains that the multi-purpose photocopiers that are now commonplace in many organisations often contain hard drives that retain images of information scanned, printed and photocopied during the photocopier’s lifecycle.
Robert Guice, Executive Vice President, EMEA, at Shred-it, comments: “Organisations replacing or leasing their photocopiers often overlook the fact that these machines can hold reams of confidential information about their employees, their clients and their business in their hard drives.
“Confidential data held electronically is often forgotten when companies come to put in place secure document management policies. Data stored on the hard drives of both computers and photocopiers, not to mention USB sticks, computer disks and smartphones, can leave organisations vulnerable to a serious data security breach.
“When it comes to protecting confidential information the best medicine is prevention, and the best prevention is a “shred-all” policy that takes into account the destruction of both paper based and electronically stored sensitive data.
“This is particularly important now that the Information Commissioner’s Office (ICO), has been given enhanced powers to levy fines of up to £500,000 on organisations that commit serious data breaches. This is in addition to the reputational damage a public fine can bring, the associated loss of customers and the cost of dealing with the breach itself.”
According to Shred-it common security risks to organisations include:
- Copier hard drives, laptops, external storage drives and back-up devices and other sources with sensitive information stolen, misplaced or not destroyed securely when the information is no longer needed
- Confidential paper documents disposed of in recycling boxes or rubbish bins
- Files left unattended in file rooms, on staff desks and in door folders; or unrestricted physical access to sensitive files
- Disregarded USB sticks and computer files containing confidential information left on employees desks
To prevent these incidents, Shred-it has a number of information security recommendations :
- List all information security risks specific to your organisation, targeting both paper-based and electronic information sources; consider every stage of the information cycle, from data generation and storage to the transfer of data from location to location and the information destruction process
- Develop stringent and enforceable policies regulating access to sensitive employee, client or business information
- Train your employees in best practices in secure information management and destruction
- Securely destroy all sensitive information - in electronic and paper form – that is no longer required to be kept on record
- Outsource information destruction to high-quality professional providers, who ensure the total security of the information destruction process, and can provide documentation to certify that the chain of custody has been maintained and the work has been completed
- Partner with a document destruction specialist to audit your operations to help your organisation identify gaps in security