Information Technology

Could your photocopier be a data risk?

By Direct-Tec
Information Technology
Published: 9 February 2018

In the recent BBC fictional drama McMafia, part of the storyline sees a hacker using the WIFI connectivity of a chocolate vending machine to hack into the Port of Mumbai authority computers to look at shipping records.

While this is a drama, the threat of WIFI and the internal technology of printers, photocopiers and scanners means that everything in your office could be a potential data risk. So says Simon Riley, Sales Director of Direct-Tec.

He explains: “With businesses getting compliant for the new General Data Protection Regulations (GDPR) that come in to force in May this year, something that might be overlooked is the office photocopier. For many businesses, a photocopier is just something that sits in the corner that is used to copy, scan, or print documents.

“However, everything that runs through that machine has an image of it stored inside on an internal hard drive. If that hard drive is not secure – or the WIFI network that machine sits on does not secure the photocopier – it could be a backdoor for hackers to access into the machine and download all the data on that drive.”

Mr. Riley says that making sure a photocopier is secure is important for every business – especially as there have been examples of data breaches. For example, in the US, a used photocopier sold at auction had previously belonged to the Police Sex Crimes Division in Buffalo, New York.

After removing the hard drive and then using free software, “tens of thousands” of police records were accessed. Similarly, on another machine from the same auction, 300 private medical records and insurance documents were accessed (the previous owner was a health insurance company).

“While the dramatic scenes of McMafia are fictional, the threat is very real” summarises Mr. Riley. “GDPR is not going away, and data breaches will have much bigger penalties attached to them. Businesses need to make sure that if they are replacing or upgrading equipment in 2018, it is GDPR compliant.”