Printers, copiers and multifunction products (MFPs) have evolved over the years and have become an integral part of business networks, providing greater functionality for the office user.
However, with almost all technological progress comes unintended consequences or compromises. For the office copier, that consequence has been the retention of document images, which can mean that sensitive information and data are at risk of being accessed by unauthorized parties if the proper security measures are not taken.
“Security breaches of any kind, in any industry, are not to be taken lightly, but office technology security breaches can result in expensive litigation and government fines for non-compliance with HIPAA, FERPA, Sarbanes-Oxley and eDiscovery regulations,” says Sonny Kumar, the vice president and general manager of Toshiba Business Solutions. “Many of these government regulations are relatively new and businesses are still learning how to properly protect themselves and maintain compliance.”
Smart Business spoke with Kumar about how businesses can examine their office technology security practices.
What questions should I ask my local office technology dealer regarding security when purchasing a new copier or multifunction product?
The first and arguably most important thing you can do is clearly communicate your security needs and concerns. Because every business has varied requirements when it comes to document and device security, copier manufacturers and their respective dealers often have a variety of options to help address each customer’s unique needs. For example, a health care agency that deals with many individuals’ sensitive personal information and health records and which must be in compliance with government regulations requires the utmost in security. On the other hand, a small home-based business may not require as many security measures.
Good questions to ask include: Is encryption standard on the devices considered for purchase? Does the encryption meet or exceed U.S. Department of Defense standards? What does a data overwrite kit do? What does an ‘end-of-life scrub’ do?
The most important thing is to make sure you have a plan upon entering a lease for how you intend to handle security, both while the device is in use in your office, as well as after the lease has ended and the device is removed.
