Control Reminder: Security risk with copiers

If your unit has or uses equipment that copies, scans or otherwise reproduces images, you should be aware of the following security risks:

  • The University copies, prints and scans thousands of documents each day. These documents may contain information that is sensitive, confidential and/or protected under FERPA, HIPAA or other laws governing data and records confidentiality.
  • Many printers, copiers and scanners used today have hard drives that save image copies of all processed documents. If these devices are disposed of as is, documents are retrievable with many free tools.
  • Internal, confidential or regulated information obtained by unauthorized individuals is a security breach. A security breach can significantly impact WSU as a whole, as well as individual areas or departments. Consequences can include hefty fines from regulators, reputational damage with granting agencies and potential undermining of public trust in the University’s ability to appropriately manage sensitive information.

To ensure images from copied or scanned documents do not fall into the wrong hands, consider the following:

  • Security Controls: Proper configuration of security controls on multi-function devices is critical. At a minimum, administrative access to the device should be configured with a non-default password. If the unit supports drive encryption, this should be enabled.
  • Education and Awareness: Educate office personnel on appropriate management of sensitive information and risks associated with equipment used to copy or scan. Remember the greatest security risk is presented when equipment leaves the University. No copy and print equipment should leave University units, whether through disposal, resale or trade-in (for leased equipment), without going through Surplus Stores (see BPPM 20.76, Surplus Property) to ensure proper removal of data.
  • Disposal and Resale: While University departments may transfer and sell equipment directly to other units, Surplus Stores (509-335-3089) is the only University department authorized to sell or dispose of equipment outside the University. Surplus Stores will ensure hard drives are properly wiped before equipment is resold. A similar process is used to clean computers when they are sent to Surplus. If you are trading, upgrading or replacing the equipment, contact Surplus Stores.
  • Leased Equipment: In addition to Surplus Stores, Purchasing Services (509-335-3541) should be involved in trade-ins of leased equipment.

For questions or additional information, you may contact the Office of Internal Audit at ia.central@wsu.edu.

The Notices and Announcements section is provided as a service to the WSU community for sharing events such as lectures, trainings, and other highly transactional types of information related to the university experience. Information provided and opinions expressed may not reflect the understanding or opinion of WSU. Accuracy of the information presented is the responsibility of those who submitted it. The self-uploaded posts are reviewed for compliance with state statutes and ethics guidelines but are not edited for spelling, grammar, or clarity.

Next Story

Provost finalists visiting the week of April 1

Finalists in the process of interviewing for the position of provost and executive vice president will present to the public during their visits to WSU next week.

Recent News

WSU to review administrative structure

President Kirk Schulz used his annual State of the University Address to highlight both achievements and challenges while also announcing a planned review of WSU’s administrative structure and academic programs.

WSU students report on refugee crisis in Armenia

Murrow College of Communication students traveled to Armenia over spring break to interview international conflict refugees and the aid workers helping to resettle them.