Why do people still make paper copies

Photocopier: The vulnerable data station

The device is located where everyone can reach it easily: in the corridor, in the entrance area, in the small, often unobserved storage room. It is in operation for at least the entire working day and often around the clock. It is often connected to a data line with little or no protection. Would you trust such a device with sensitive data? No? You do it almost every day: we are talking about your modern, multifunctional photocopier, which is a real treasure trove for clever data thieves. Did you know that?
The devices, which are still simply called photocopiers, are nowadays extremely practical all-rounders. Depending on the equipment, they are not only suitable for 1:1 copies of individual documents; they can also be connected to one or more computers as a printer, they can send faxes, and they can be used as scanners for stacks of documents of any thickness, all in adjustable quality and, depending on your preference, in black and white or color. In short: copiers have mutated into multifunctional devices and are usually quick and easy to use. And because they are networked with the computers at their locations for their various purposes, many people in companies, authorities, medical practices, law firms or church administrations have access to these devices without having to stand next to them all the time: for large parts of the day the "copier" is unattended.
And that can have fatal consequences. Although the devices are comparatively easy to use, huge amounts of data often have to be moved, sorted and of course also stored within the copier for their individual functions. Normal print jobs generate data just as complex copying tasks do, and both require at least temporary storage. The data of scanned documents or images must be retained by the device at least until they have been copied or moved to other computers or data carriers. Deferred functions such as sending (or receiving) faxes even require long-term data storage and retrieval.

These devices can only cope with all these tasks because they are equipped with a large internal storage space. They have both a so-called volatile main memory, the contents of which are erased when the device is switched off, and hard drives or other non-volatile memories, which retain their contents even when the mains power is switched off. For example, files with the information to be printed or copied are created on these non-volatile memories, and they exist until the task is completed. After that, the storage space that the file occupied within the copier is automatically released again, but the data it contained are not necessarily irreversibly deleted. As with any computer hard drive, traces of data usually remain on the storage media, and they can be restored with little technical effort. The information needed for this can be found on the Internet, where the corresponding access data are available for almost every device: standard passwords, administrator codes, or key combinations that have to be pressed when the device is switched on in order to obtain administrative, and thus all-encompassing, rights of access to the innermost parts of the copier system.
Unauthorized persons standing directly at the copier can take advantage of all the options that the device offers: jobs that are still stored can be printed out, and data from old copies, faxes or print jobs that have apparently been deleted but actually still exist can just as easily be made visible again. Of course, this risk also exists if the copier is connected to a local computer network in order to make its resources available to several people. As a rule, the devices can then be configured conveniently and easily from any PC in this network. With a browser and the manufacturer's standard passwords, if these were not changed when the copier system was put into operation, this is usually possible without any problems. If the computer network is connected to the Internet, knowledgeable hackers can even gain access to the data stored on the devices from outside.

So it is essential that security standards at least as strict as those for conventional computers (and networks) are developed and observed for the oh-so-everyday and seemingly simple "photocopier". This duty of care goes far: the sale of a device that is no longer required, its return (if it was rented) or its disposal also entail data protection risks. In each of these processes, it must be ensured that the data still remaining on the copier's data carriers cannot fall into unauthorized hands.
The multifunctional photocopier described here processes all conceivable types of personal data, but also other types of data that are worthy of protection: applications, salary statements, photos, bank statements, medical reports and expert opinions, certificates of good conduct or penalty orders, asylum applications, tender documents or accounting documents, statements of accounts, development concepts, patent documents. The list could go on almost indefinitely. Most users make sure that neither paper originals nor copies remain in the device. However, the data that remain in the copier's memories usually cannot be removed easily and without problems. These data are invisible to normal users, and many are not even aware that they exist. So it stands to reason that the care that is actually necessary is neglected when handling such devices.
"What you can't see isn't there either"? - These appearances are deceptive.

1. Allow use only by authorized persons

The copier systems should be secured against unauthorized use, in particular they should not be set up in areas open to the public or in unsupervised locations. By entering codes before each use or by using electronic keys such as copy cards, it can be achieved that only authorized persons can use the copier. It goes without saying that keys or release codes may not be passed on to third parties.

2. Change the default passwords

Like many other EDP devices, photocopiers are also supplied by the manufacturer with standard passwords. Since these can not only be read in the official manuals, but can also be researched on the Internet with a high degree of probability, they are not at all suitable for protecting the copier system from unauthorized use or configuration. It is therefore essential that the standard passwords be changed appropriately during commissioning.

3. Handling of copy material

Originals and copies must always be removed from the device immediately after use.

4. Destroy incorrect copies in accordance with data protection regulations

A shredder of so-called cross-cut quality (cross cut / particle cut) should be placed in the immediate vicinity of the copying system, so that incorrect copies with personal or otherwise sensitive content can be destroyed immediately and effectively.

5. Provision

All users must be instructed to manually reset the system to its original state after use, for example by pressing the "C" key or a key combination with which the system is switched to standby mode. If use is only possible with certain keys (numbers, tokens, copy cards), the device must be configured in such a way that it is automatically reset to its original state after the key is removed. The keys must be removed from the device as soon as use is complete; a key that remains active in the copier for a longer period of time (for example for a full working day) to make it easier to use is useless.

6. Using the copier as a departmental printer

If the copier is used as a workgroup printer by several people, no documents with personal or otherwise sensitive data should be printed out there. However, if this cannot be avoided, the print function should be provided with a lock: printing is not carried out until the person who sent the print job enters a multi-digit code directly on the device. This ensures that the printed documents can be removed immediately after the printing process has been completed and that no unauthorized persons can gain knowledge of the printed data.

7. Switch off services that are not required

When connected to a computer network, the copier systems provide a variety of network services. The devices are usually configured by the manufacturer in such a way that they can be put into operation with as few problems as possible. For example, the devices ship with a wide variety of network protocols so that they can be accessed from a wide variety of computer systems. During commissioning, the services that are not required for the specific purpose should therefore be switched off. In pure Microsoft Windows networks, for example, the "AppleTalk" network protocol is not required; it should be switched off.

8. Encrypted storage of the data

Depending on where the photocopier system is used (trading company, research institutes, doctors, tax administration, etc.) and what types of data are mainly processed on it, the data should be encrypted in a manner appropriate to that use. Particular attention should be paid to this option when purchasing new devices. The data is then protected against misuse, even if the copier is stolen, for example. It is important that the access codes and passwords used, as described under point 2, are not disclosed to anyone when they are handed over. Often, encryption can only be achieved via an additional function that requires the use of so-called "security kits" (see also the following point, 9. Delete the data).

9. Delete the data

When purchasing new copy machines, a configuration must be ensured with which the data is irreversibly and automatically deleted as soon as it is no longer required. This function is usually made possible by (optionally available) additional modules with names such as "Security Kit" or "Data Security Kit (DSK)". In addition, it should be possible at any time to manually initiate the complete deletion of all data.

10. Security updates

Security updates made available by the manufacturers should be installed immediately in order to close known security gaps in the copier system. This is especially true if the copier is operated as a multifunctional device within a computer network.

11. Maintenance passwords

As a rule, there is a so-called master password, maintenance password or service password for each device. This enables the manufacturer's maintenance technicians to access the system administratively even if customers have forgotten their passwords. If possible, only those systems should be purchased in which it is possible to protect the data within the system from being accessed after entering the master password.

12. Return, sale and disposal

When disposing of decommissioned devices, all data that is or could be left on the system must be deleted. If this cannot be effectively achieved by manually initiating a deletion process and / or by using "security kits" (see point 9), the data carriers must be physically destroyed.
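
The points of this checklist that can be read off a device's configuration (1, 2, 6, 7, 8, 9 and 10) can be checked against a device inventory. The following is an added example, not part of the original guidance; the record fields, the service names and both sample devices are constructed assumptions and do not correspond to any manufacturer's export format.

```python
# Added example: field names and sample records are constructed, not a vendor schema.
REQUIRED_SERVICES = {"ipp", "smb"}  # assumption: the only services this site needs

def parse_version(text):
    """Turn '2.10.0' into (2, 10, 0) so versions compare numerically, not as text."""
    return tuple(int(part) for part in text.split("."))

def audit(device, required_services=REQUIRED_SERVICES):
    """Return (checklist_point, finding) tuples for one device record."""
    findings = []
    if not device.get("auth_required", False):
        findings.append((1, "usable without code or copy card"))
    if not device.get("admin_password_changed", False):
        findings.append((2, "manufacturer default password still set"))
    if device.get("workgroup_printer") and not device.get("release_code_printing", False):
        findings.append((6, "shared printing without release code at the device"))
    extra = sorted(set(device.get("enabled_services", [])) - set(required_services))
    if extra:
        findings.append((7, "services not required: " + ", ".join(extra)))
    if not device.get("storage_encrypted", False):
        findings.append((8, "stored data not encrypted"))
    if not device.get("auto_overwrite", False):
        findings.append((9, "no automatic irreversible deletion"))
    if parse_version(device["firmware"]) < parse_version(device["latest_firmware"]):
        findings.append((10, "firmware %s older than %s"
                         % (device["firmware"], device["latest_firmware"])))
    return findings

# Constructed sample inventory (hypothetical devices).
INVENTORY = [
    {"name": "corridor-mfp", "auth_required": False, "admin_password_changed": False,
     "workgroup_printer": True, "release_code_printing": False,
     "enabled_services": ["ipp", "smb", "appletalk", "ftp"],
     "storage_encrypted": False, "auto_overwrite": False,
     "firmware": "2.9.1", "latest_firmware": "2.10.0"},
    {"name": "hr-office-mfp", "auth_required": True, "admin_password_changed": True,
     "workgroup_printer": True, "release_code_printing": True,
     "enabled_services": ["ipp", "smb"],
     "storage_encrypted": True, "auto_overwrite": True,
     "firmware": "2.10.0", "latest_firmware": "2.10.0"},
]

def audit_inventory(inventory):
    """Map device name -> findings, keeping only devices that fail a check."""
    report = {d["name"]: audit(d) for d in inventory}
    return {name: found for name, found in report.items() if found}

if __name__ == "__main__":
    for name, findings in audit_inventory(INVENTORY).items():
        for point, text in findings:
            print("%s: point %d: %s" % (name, point, text))
```

Missing fields are treated as failures, so an incomplete inventory record is reported rather than silently passed.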