Thursday 24 November 2011

Data destruction - don't forget the printers

Last week my Multi-Function Printer (MFP) gave up the ghost and given its age and the probable cost of repair, I decided to invest in a new one. Despite the fact that it would no longer actually print any more, I'm aware that there is a thriving "repair or spares" market out there and I probably could have got a bit of cash for it intact. However, many modern peripherals of this type store data for spooling print jobs and processing scans and copies. The storage media in the device could still contain details of documents printed, scanned and copied. I know from when I've run multiple-page documents through the document feeder to make multiple collated copies that it will easily store the entire document before churning out the copies. When I think of some of the data that's been through my device, I'm not willing to take the risk of letting it go without taking further precautions.

However, for these type of home/small office devices, the risk is quite low as the storage is integrated into the electronics and as far as I'm aware for this type of device is volatile memory that shouldn't have any data on it once the power is off - the possibility of data remenance in this type of memory is still present though. It is therefore more difficult to interrogate and probably not worth the time of a data thief, given the amount and quality of data they may ultimately expect to get out of it.

Business MFPs used in offices are more likely to be a target as they often contain standard hard drives, storing a lot more data and can be more easily interrogated. Potentially there is a greater reward for the data thief as the information they contain would be more valuable to other parties than what may be contained on a typical home printer. Organisations therefore need to ensure that they don't inadvertently disclose confidential data that has been printed, scanned or copied through these devices by not taking appropriate measures when they are sold or otherwise disposed of.

The case for selling these devices intact is that refurbished office MFPs are still of some value. However, the additional benefit of the office MFP is that the data storage medium can be more easily replaced or appropriately cleansed. This also doesn't have to be a difficult task with many enterprise MFP manufacturers having security documentation (often composed in partnership with organisations such as NIST) for how to ensure that these devices are managed, operated and disposed of securely.

This certainly isn't a new issue and there have been plenty of articles talking about the risks associated with this as well as media reports about the data that has been recovered from devices bought from various organisations. However, My recent MFP replacement prompted me to write this post as these devices are not always appreciated for their data storage capabilities and can be one of the easily missed controls, exposing some of the most confidential information.

Image: renjith krishnan / FreeDigitalPhotos.net
Posted by at
Labels: , ,

2 comments:

  1. Unknown5 July 2013 at 10:07

    This comment has been removed by the author.

    ReplyDelete
  2. Unknown31 July 2013 at 08:10

    This is where is all starts Powered by data destruction, liveSite https www camelback net
    shredding,

    ReplyDelete

Subscribe to: Post Comments (Atom)