The Tax Season Cometh . . . Don’t Let Your Personal Data Get Away

By: Larry Kovnat, manager, Product Security, Xerox Corporation

“In this world nothing can be said to be certain, except death and taxes…and someone trying to steal your personal data.”  Ok, so these aren’t exactly the words Ben Franklin stated in 1789, but they certainly ring true today.

About a year ago you may remember a national television news story highlighting how personal data could be easily accessed and pulled from the hard drives of multifunction printers (MFPs).

Even though the story was presented as an expose, for my part I have to say “thank you” to the network for the awareness the story created.

We’ve been highlighting the issues of information security for years, even writing a few posts on this blog; but we would not have been able to create as much spontaneous education as this story did – which was good thing.

With tax season in full swing, there couldn’t be a better time to revisit this topic. The Open Security Foundation’s DataLossDB reports that nearly 40 percent of all data leaks within the past three years have happened between January and April. In fact, of the 2,402 data loss incidents reported between 2007 and 2010, 916 of them happened during tax season.

While the IRS reports that nearly 99 million people used e-file in 2010, it’s naïve to assume returns aren’t being copied, faxed or scanned. So, it’s worth noting that while MFPs are sophisticated systems they can be attacked just like networked computers and servers.

So, here are two tips to keep in mind during tax season:

1. When printing your returns, use secure print – jobs are safely stored at the device until the owner enters a personal identification number to release them. This controls unauthorized viewing of documents sent to the printer.
2. And for businesses handling tax documents, remember to overwrite your MFPs’ hard drive after tax season ends.  Identity theft is one of the three most common complaints made to the joint FBI/National White Collar Crime Center’s Internet Crime Complaint Center. The FTC advises users to overwrite the entire hard drive at least once a month.