I believe that multi-functional copiers (combined photo-copier and scanner,
linked to e-mail and fax functionality) may create business and records
management risks.
For example: Ability to send images of paper documents, to multiple
(internal and external) e-mail addresses and faxes, directly from the
scanner or copier (with very little audit trail, except about date & time
sent). Open access, and proximity to insecure filing cabinets, increase
risk of intruders copying and sending your confidential stuff to external
addresses. Ability to add and send a 'cover note' (which might contain
additional business information) to an e-fax or e-mail, without retaining a
copy. Free access to the entire company e-mail address, fax & phone book,
via the copier memory. As per computers, images of confidential documents
retained on the hard disk memory; retrievable even after 'deletion'.
There may be other risks I haven't discovered yet? Controls, for example
restricting access via user pin number; and implementing good RM & business
house rules. Has anyone else any experience or advice to share?
Cheers! Mike Marsh.
|