MSPmentor Blog

4 Fax Security Weaknesses Your Clients Don’t Know They Have--and How You Can Help

by eFax Corporate Guest Blog
Mar 15, 2016

Your clients probably don’t even realize the data they send and receive via traditional fax faces security weak points--and, by extension, puts them at risk of non-compliance. This is where you can help them.

Faxing is still a key part of today’s business world--to the tune of 100 billion (yes, “b”) pages a year, according to research firm Davidson Consulting--for a number of reasons, including security, compliance and ease of use. In fact, a CIO Insight article tells us that 72% of U.S. companies still have fax machines.

However, here’s a caution flag for you. If your clients are still running their fax processes on aging, analog-era infrastructure--desktop fax machines, internal fax servers, gateway software, analog fax lines--this might be among the least secure protocols they use for transmitting their data. Traditional faxing can present security vulnerabilities at every step in the process.

Moreover, your clients probably don’t even realize the data they send and receive via traditional fax faces these security weak points--and, by extension, puts them at risk of non-compliance. This is where you can help them.

In this post I’ll outline a few of the typical ways traditional fax transmissions (and fax storage) can expose your clients’ data to security and compliance problems. I will then suggest a cost-effective and far more secure alternative that you can offer your analog-faxing clients--an enterprise-class cloud faxing service--which will be easy for you and them to deploy, and lucrative recurring revenue for your business.

4 Common Security Weaknesses of Standard, Legacy Faxing

  1. The desktop fax machine

Fax machines may store electronic copies--“images,” actually--of the faxes they send or receive. The same is true for copiers, scanners, multifunction printers and other standard office hardware used to transmit analog faxes.

In other words, any confidential data your business transmits over a fax machine can live, unsecured, on the machine’s drive. Typically, the only way these stored fax images are removed is when they are overwritten by newer faxes transmitted by the same fax machine--and then those documents become vulnerable, as well.

  1. The in-house fax server

Many in-house fax servers are not pre-equipped with encryption software for their hard drives--which means these servers, like fax machines, can store unsecured copies of the documents they transmit. And because fax servers can often have large-capacity hard drives, these unsecured electronic copies of a company’s transmitted faxes can sit unsecured for long periods of time.

Worse, because these hard drives do have limited storage capacity, eventually someone will have to “purge” the stored faxes to make room for new ones. And they will typically do this by printing them out, for filing and record-keeping. This creates a new set of security and compliance problems.

Printing out the contents of a fax server’s hard drive for record keeping means that anyone who happens by that stack of paper might view or remove a fax containing proprietary data or personally identifiable information (PII).

  1. Shoulder surfing

Fax machines present another security vulnerability related not to the machine’s technology but rather to the fact that the paper documents your clients send or receive through that machine often sit there, unattended, where they can be viewed or taken by personnel not authorized to have access to the information the documents contain.

This type of “shoulder surfing” is why many institutions--including the University of Chicago, in its internal staff HIPAA Reference Guide--recommend against sending confidential information governed by regulations like HIPAA by traditional fax unless the sender first contacts the intended recipient to make sure he or she will be standing by the fax machine to receive the document immediately.

  1. Outdated encryption protocols for fax delivery

The standard analog fax transmission across the PSTN is not encrypted (although the documents can be difficult to decipher). And because an analog fax is in reality just a transmission of voice tones, like a phone call, an experienced cyber hacker can actually “eavesdrop” on a fax in transit.

Additionally, many cloud fax services encrypt fax documents in transit using the now outdated Secure Socket Later (SSL) protocol--far less effective for encrypting data over the Internet than the more sophisticated Transport Layer Security (TLS). The primary disadvantage of SSL is its vulnerability to man-in-the-middle (MITM) attacks.

In other words, if your clients are still transmitting via fax any data that is confidential, proprietary or regulated by data-privacy laws, they should not be doing so using their legacy fax infrastructure or weak encryption protocols such as SSL.

A far more secure alternative, which you can offer your clients, is the fully hosted cloud fax service from eFax Corporate.

For Your Clients’ Security, it’s Time to Educate Them About Upgrading to Cloud Fax with eFax Corporate

By helping them upgrade to our enterprise-class cloud fax solution, your clients will enjoy a significant boost in fax security--with the latest TLS encryption for all faxes by email across our highly secure networks, strong audit trails and enhanced compliance with HIPAA, GLBA and Sarbanes-Oxley, among other regulations.

This is why eFax Corporate, part of j2 Global, is entrusted every day to transmit millions of pages of sensitive corporate documents by businesses in the most heavily regulated industries. Our proven process helps enterprises meet strict federal mandates regarding data transfer, tracking and storage.

The eFax Corporate solution is now available for you to include in your service portfolio--when you join our support-driven, high-touch Partner Program. Please visit our eFax Corporate Partner page to learn more.

Currently responsible for the Enterprise Partner Program for j2 Cloud Services, Peter Ely is a 27-year technology veteran, having held senior executive positions looking after presales support, product management,  product marketing and technical evangelist teams in the telecommunications and data networking arenas in positions located across two continents and three countries.

 

Discuss this Blog Entry 0

Post new comment

or register to use your MSPmentor ID