CBS news story that can affect us all!!!!!!!!!!!!!!!!!!!!!!!!!!!!

That's quite a story! Well I know pretty much all colour machines have hdd's as standard equipment, but not all b&w machines do, even current ones.. but to say it's as easy as hitting print? Well maybe if you don't use due dilligence and don't delete your user boxes or equivalent. Even then.. to pull a hdd yeah it's not too hard. But not all hdd's are formatted to a standard that makes them "plug n play" and yes forensic data recovery tools are available to scan hdd's for "lost files". Jeez and if you have a copier in a sensitive location maybe you should get an encryption kit or even your "IT" department to at the very least get your copier company to format the hdd before it goes back to the lease company, or @ least inquire about it!! Wow... Nuff said.

Regards!
A.

The story does bring up a good point, I wonder how much of my information, as well as everyone else here, is going to the wholesalers.

Not many customers buy the security software or wipe the drives before we pickup their old machines.

The story puts the blame on the equipment, where the problem is with the user/key operator.
The HDD in most machines spools 10 jobs, then overwrites. Scanning when set correctly will delete the job.
Removable HDDs were an option in secure government facilities. The old analog machines in the same environment required the key operator/security individual to run 10 blank pieces of paper so there would be no latent image on the drum.
Far fetched but plausible.
Wouldn't it be the same persons job to secure the machine?

I am just saying the story was biased and wrong in blaming the machine.
Ultimately is is the user that should ask for it to be done.

We have been in the process of adding a disclaimer to our sales orders and also letting them initial the sales order declining the purchase of a Data Security Kit on applicable models. I guess it's time to finish that project.

Absolutely agreed!!

It's a two phased approach, IMHO.

Some of this goes back to the original sale. Most if not all vendors offer hard drive security options. Some will securely erase each job after printing, and there are options which will encrypt the drive. Some offer removable drives which can be removed nightly and stored securely.To keep the price down and to close the sale faster these options frequently either get downplayed or don't get mentioned at all.

On the service side, few dealers ever bring up the option of properly reformatting or even destroying the drive when the machine comes off lease or is otherwise traded in. While deleting mailboxes / stored documents is a step in the right direction, these files still exist on the drive and could be reconstructed using forensic software as mentioned in the article / video clip if no security measures have been taken.

The good news (kinda) is that these features can normally be added after a machine is already in place. The downside is just how the cost gets added into the lease - that part can be a nightmare.

And none of this even touches on machines that are in use, and implementing proper security measure on them. Things like shutting down unnecessary ports and protocols, along with changing default passwords are key to keeping a machine secure. Of course, when machines get too locked down, it makes our jobs nearly impossible sometimes to properly service the equipment. It's a delicate balance.

BTW... If your company offers a security whitepaper, make sure that you keep a copy (both paper and electronic) available at all times. Just as importantly, though, make sure that you at least mostly understand what it says, in case you run head first into a "tough" IT person. (Easier said than done, I know...)

I think that if enough decision making folks get a look at the news clip, we may be in for a bunch of customer calls.

why dont they just remove the hard disk , install a new one before turning the machine comes off lease

I don't know about any other Mfgr, but Ricoh stores data on the HDD raw - there is no recognizable data format (at least as far as any forensic software is concerned - they would be expecting a standard Microsoft or Mac file system and would not be able to piece much together) to recover data from. Ricoh also offers a Disk Overwrite Security System (DOSS) capable of doing a DOD compliant wipe and a removable HDD option for most machines if they're in a high security area. There are copy prevention systems that can recognize a secure print document and refuse to copy it. (of course all machines in the secured area have to have this feature or you could just walk over to another machine.) There are also user modes that allow a key operator to lock the user functions and also lock a tech out of service mode (we don't tell people about this for obvious reasons)

Its just a matter of the sales and service people having the right information to sell to a secure environment customer.

I deal with Army contracts for Special OPS. They are using Bizhubs, and one reason is that we put em in with out hard drives. My guys say they have people who can open that Ricoh hard disc and get what they want. Ricoh has machines on base with hard drives, and I bet I can walk into a secured location, identify myself as the copy guy and walk out with one in my hand.

It's really not bad press..........it's an opportunity to educate your customer base and to sell additional software safety or at the very least, a customer relations positive by telling and reminding customers of this potential liability and or charging extra at the end of lease or ownership to erase all hdd info. Copiers are no different than cell phones and computers, all store info.

I use to take care of a Strategic Air Command Base and some Tactical Air Command locations, you know, bombers and fighters. One location had a building called Threat Evaluation and Combat Surveillance......................... the stories I could tell........................but then I'd have to wipe out this entire website................

Just to play the proverbial "devil's advocate", what would prevent someone from putting a used drive out of an old machine into another one, and retrieving the data that way? At that point, I would at least think that the fact that the data is proprietary becomes a moot point - please correct me if I'm wrong. (Quite frankly, I hope that I am...)

In the newer machines, swapping a HDD like this will trigger a service code - the machine writes the SN to the drive and if they don't match it won't boot. You can format the drive, but that wipes the data.

Its kind of a moot point anyway - the machine discards copy and print data at the end of each job and won't reprint old jobs, so there's no recovery that way anyway. Document server data is a different story - I guess its trchnically possible to swap drives and only initialize the system partition with the SN written to it - not the doc server.

I'm not saying you can't recover images from a drive, just that you really have to want it pretty bad to make it worth it

Wow, they sure threw the Buffalo, N.Y., Police Sex Crimes Division under the bus in that one!!!!! Leaving documents on the glass is clah-ssic!!!!!!! Who has this guy tried to tell about it? Isn't he aware of the security measures available on machines now?!? Also, it's up to the owners/leasers to take care of sensitive material upon disposal. We have a school district that takes the drives down to the wood shop and puts a drill press through them (yes, they pay for new blank drives to go in) before they go back from lease. Sounds like a big commercial for Juntunen's company to me. Also, talking about mass hysteria does not prevent mass hysteria but it sure does sell advertisement!

Paranoia or Hype!

Paranoia or Hype!

Regardless as to whether this is hype or not, my office had a TON of phone calls or emails on this today, as I just found out.

I'll get more details tomorrow, but this doesn't sound like a lot of fun.