Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

More on Copier Security and the Wisdom of Secure Implementations

April 27, 2010

My mailbag included a note from Steve Irons, the President of DocSolid, responding to last week's post on the perils of discarding copiers without making sure your data is not still residing on them. Steve offers some excellent thoughts and sound advice:

Hi Sharon – someone forwarded me your blog entry regarding how copiers can be goldmines for identity thefts. A much bigger potential security breach is the way they expose a company to security breaches related to logins. Most new digital copiers (MFPs) are network connected, and vendors offer scanning solutions. But for most scanning operations to be secure, a user login must be implemented and required at the copy machine’s panel. And many times the scanning operations are enabled without implementing proper secure login – thereby exposing the customer to a security breach.

For example, most MFPs offer scan to email functionality direct from the machine. But in order for the email to be sent from the user’s email account, and to use email addresses in the user’s email address book, the user must identify herself at the machine, and gain access to the email system from the machine to invoke the process. Users can then type (limited) email content and have the scanned document sent as an attachment. Often, MFPs are implemented allowing this capability without requiring a formal login to precede the session. This means anyone can walk up to the device, and send an email from ANYONE on the email system, to ANYONE inside or outside the company, with any email content, with or without a relevant scanned image. Imagine sending an email saying: ‘we hereby cancel our contract…’ from the company president to a vendor – or worse. This and other scanning operations are a big hole blown in the side of companies’ security systems when MFP scanning is (and it often is…) wrongly implemented.

Thanks Steve – let's hope everyone takes copier security to heart henceforth.

Phone: 703-359-0700

www.senseient.com

http://twitter.com/sharonnelsonesq