With new and better technology hitting the market every day, hardware gets outdated quickly and upgrading hardware becomes a necessity. If you can’t print from your mobile phone or your laptops could be mistaken for briefcases, it’s time to start thinking about upgrading your hardware. There are big benefits to upgrading printers and PCs, including increased toner efficiency, fewer maintenance demands, better product security, and better energy efficiency. But before you toss your old hardware, you need a security plan for end of life procedures.
Hardware isn’t lawn furniture
Gone are the days when you could stack old PCs on the curb and hope that someone curious or desperate enough would take them off your hands. Every piece of hardware you own has to be carefully disposed of to avoid subjecting users to data theft and exposing your business to steep fines. Even printers and photocopiers, devices that you might think do little more than reproduce what you place on the glass, store sensitive information that hackers would love to get their hands on—and often do.
CBS News’ chief investigative correspondent Armen Keteyian found that nearly every printer and copier manufactured since 2002 contained a digital hard drive, which stores a record of each document printed in image form. In 2010, Keteyian accompanied a security company on an investigation into old printers and photocopiers that had been sent to a warehouse. After removing the hard drives from the printers, a security researcher discovered thousands of pages of sensitive documents had been left unprotected by New York crime units, which included the names of both victims and offenders. On another printer, they found pay stubs, names, and social security numbers left behind from a construction company. On the final printer, they found 300 pages worth of medical records left behind by a major insurance company. Keteyian’s investigation shows that printers are more than devices used to reproduce documents—they’re essentially hard drives. If you’re an IT manager or business owner looking to dispose of old hardware, you need to know these five security risks before you dispose of any hardware.
1. Personal identifying information
Cybercriminals aren’t typically interested in your organization’s printed emails. What you need to be worried about is digital documents that contain personal identifying information (PII), health data, and other information that can lead to identity theft. This information is often stored in printers. Disposed-of printers often contain social security numbers, birth certificates, bank records, income tax forms, and other data that can represent a massive payload to professional criminals.
2. Password cracking
Don’t assume that a password-protected administrative control panel on an outdated printer can protect against access. If your printer falls into the wrong hands, many seasoned cybercriminals and information thieves have the ability to bypass these passwords and gain access. Newer printers can contain card readers that allow only cardholders to access documents in the printer’s hard drive, but this tech was nonexistent in older hardware.
3. Email access
If your old printer falls into the wrong hands, cybercriminals could gain access to email accounts. According to PCMag, some printers contain a direct email function that includes stored password information for user email accounts. Depending on configuration and encryption, your at-risk data could include more than just what’s stored in your printer—it could extend to your email accounts, too.
4. Incomplete data disposal
Depending on the age and manufacturer of your printer, on-board storage configurations can vary. One first step towards hardware disposal is to speak to the manufacturer about whether the device has a drive. In many cases, a third-party program can be one of the best ways to completely wipe local storage or hard drives and mitigate the risks of incomplete data disposal.
If your organization is required to comply with HIPAA, PCI, SOX, or any federal regulations for data storage and disposal, failing to address information stored on your printer could put you at risk of non-compliance, not to mention the crushing expense of a data breach. ICT Compliance highlights the risks associated with disposal laws and covers the requirements for disposing of old tech in an environmentally responsible way. When developing a plan for disposal, it’s crucial to check local and federal regulations to make sure you don’t pollute a landfill with any dangerous chemicals or materials from your hardware, which could put your company at risk of being hit with huge fines.
While upgrading hardware can significantly improve workplace efficiency and your end user’s experience, as well as save a lot of money, you need to focus on security before you go decorating the lawn with old PCs and printers.