As technology rapidly evolves, upgrading hardware becomes a regular necessity. If you can’t print from your mobile phone, or your laptop could be mistaken for a briefcase, then it’s probably time to start thinking about upgrading.
There are big benefits to upgrading printers and PCs—including better toner efficiency, less maintenance, greater security, and improved energy efficiency. But, before you ditch the old hardware, you’ll need a security plan for end-of-life procedures.
Hardware isn’t lawn furniture
Gone are the days when you could stack old PCs on the curb and hope that someone curious or desperate enough would take them off your hands. Today, every piece of hardware you own has to be carefully disposed of in order to avoid subjecting customers to data theft and exposing your business to steep fines. Even printers and photocopiers store sensitive information that hackers would love to get their hands on—and often do.
CBS News Chief Investigative Correspondent, Armen Keteyian, found that nearly every printer and copier manufactured since 2002 contained a digital hard drive, which stores a record of each document printed in image form. In 2010, Keteyian accompanied a security company on an investigation into old printers and photocopiers that had been sent to a warehouse. After removing the hard drives from the printers, a security researcher discovered that thousands of pages of sensitive documents had been left unprotected by New York crime units, which included the names of both victims and offenders.
On another printer, they found pay stubs, names and social security numbers left behind from a construction company. And the last printer had 300 pages of medical records left behind by a major insurance company. Keteyian’s investigation shows that printers are more than just devices used to reproduce documents—they’re essentially hard drives. If you’re an IT manager or business owner looking to dispose of old hardware, you need to be aware of five security risks.
1. Personal identifying information
Cybercriminals aren’t typically interested in your organisation’s printed emails. What you need to be worried about is digital documents that contain personal identifying information (PII), health data, and other information that can lead to identity theft. Disregarded printers often contain social security numbers, birth certificates, bank records, income tax forms, and similar data that can become a massive payload to professional criminals.
2. Password cracking
Don’t assume that a password-protected administrative control panel on an outdated printer can protect against unwanted access. If your printer falls into the wrong hands, many seasoned cybercriminals and information thieves have the ability to bypass these passwords and gain access. Many newer printers contain card readers that allow only cardholders to access documents in the printer’s hard drive, but this technology is nonexistent in older hardware.
3. Email access
If your old printer falls into the wrong hands, cybercriminals could potentially gain access to email accounts. According to PCMag, some printers contain a direct email function that includes stored password information for user email accounts. Depending on configuration and encryption, your at-risk data could include more than just what’s stored in your printer—it could extend to your email accounts, too.
4. Incomplete data disposal
Depending on the age and manufacturer of your printer, on-board storage configurations can vary. One first step toward hardware disposal is to speak to the manufacturer about whether the device has a drive. In many cases, a third-party program can be one of the best ways to completely wipe local storage or hard drives, helping you to mitigate the risks of incomplete data disposal.
If your organisation is required to comply with any federal regulations for data storage and disposal, failing to address information stored on your printer could put you at risk of noncompliance—not to mention the crushing expense of a data breach.
ICT Compliance highlights the risks associated with disposal laws and covers the requirements for disposing of old tech in an environmentally responsible way. When developing a plan for disposal, it’s crucial to check local and federal regulations to make sure you don’t pollute a landfill with any dangerous chemicals or materials from your hardware, which could put your company at risk of being hit with huge fines.
While upgrading hardware can significantly improve workplace efficiency, as well as save a lot of money, you need to consider security before you leave your old PCs and printers out for hard-rubbish collection.