Even in the email age, faxing is an excellent way to transmit important documents. Faxes are legally binding, making them a popular choice for attorneys or businesses that want to send contracts remotely. Medical professionals also often communicate with one another using faxes.
However, just as with any technology, you need to ensure that your fax is secure, especially if you're sending sensitive information. You don't want to violate someone's privacy or damage a potential business relationship because your faxing practices aren't safe. Even if you do so by accident, violating someone's privacy can open you up to fines and other legal consequences. For example, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires that businesses ensure the confidentiality of patient information and safeguard against threats to its security. The Sarbanes-Oxley Act also requires that companies protect financial data.
Here are some fax safety tips and best practices.
An Overview of Fax Safety
A fax can be sent either by a traditional method or online. Each method has its pros and cons from the perspective of safety and convenience.
Traditional faxing uses a fax machine and phone line. On the plus side, phone lines are typically less vulnerable to hackers than the Internet. However, paper faxes sent over a machine may easily be picked up by the wrong person on the other end without the sender ever knowing. The document might also lie by the fax machine for hours, open to public view. In addition, all-in-one machines often do not support authentication protocols for faxes, which opens them up to malicious faxes that can access the receiver's entire network.
Online faxing involves sending a document directly from the computer; if the document wasn't created on the computer, the user needs to scan it first. You avoid the security challenge of having the document lie on a machine at the other end, but some online methods open you up to a host of cybersecurity challenges. However, if you establish and follow solid security protocols, online faxing will be the most secure option.
Traditional Fax Safety
Implement Safety Protocols for Receivers
As we mentioned previously, a significant security risk of traditional faxes takes place on the receiving end. One way to avoid having a traditional fax picked up by the wrong person is to call the intended recipient just before you send the fax. The phone call will alert them that the fax is coming. If you can, also try to fax only to machines that are in private offices, rather than in a central location. Consider requiring passcodes before someone can access the fax.
Secure the Hard Drive
Another risk is inherent in how a fax machine works. Fax machines work by scanning documents and transmitting the scanned facsimile to the receiver. Some machines retain the image of the scanned fax on their hard drive. If you lease your fax machine or you own it and later sell it, the new recipient can easily access any data stored on the machine's hard drive.
To mitigate this risk when using a traditional fax or all-in-one machine, look for one that automatically wipes the hard drive. Alternatively, negotiate a contract with your lease provider allowing you to keep the hard drive when the lease ends.
Secure Fax Machines If Possible
Traditional fax machine protocols have existed for 30 years, and hackers know how to tap into them. According to Wired, the security protocols for fax machines are poorly documented, and many businesses fail to implement them correctly. Hackers can send malicious faxes to all-in-one machines and access the entire network because these machines generally don't support authentication protocols for faxes. Keeping software updated on these all-in-one machines can lower the risk, but it does not eliminate it.
Online Fax Safety
Online faxing is a secure option when you implement the right protocols on the devices, servers, and Internet connection. Here are some best practices for online faxes.
Use Encryption Technology
Encrypting faxes from device to delivery is important and is a regulatory requirement for many types of faxes. Even if hackers gain access to the fax, reading an encrypted fax would take considerable effort. Multiple layers using TLS 1.2 and AES 256-bit encryption are best.
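As an added illustration (not part of the original article or any fax provider's code), this Python example shows how a client could enforce the "TLS 1.2 and AES 256-bit" requirement on the connection it uses to submit a fax. The function names and the caller-supplied host are assumptions. Because Python's `set_ciphers()` does not restrict TLS 1.3 suites, the negotiated session is checked again after the handshake.

```python
import socket
import ssl

# Policy from the paragraph above: TLS 1.2 or newer, AES with a 256-bit key.
ALLOWED_VERSIONS = {"TLSv1.2", "TLSv1.3"}
# TLS 1.2 suites offered by the client (standard OpenSSL names).
TLS12_SUITES = "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384"


def build_client_context() -> ssl.SSLContext:
    """Client context that verifies certificates and refuses anything below TLS 1.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(TLS12_SUITES)  # has no effect on TLS 1.3 suites
    return ctx


def session_meets_policy(version, cipher) -> bool:
    """version: SSLSocket.version(); cipher: SSLSocket.cipher() -> (name, proto, bits)."""
    if version not in ALLOWED_VERSIONS or cipher is None:
        return False
    name, _proto, bits = cipher
    # CHACHA20 also reports 256 secret bits, so the suite name is checked as well.
    return "AES" in name and bits == 256


def open_fax_channel(host: str, port: int = 443) -> ssl.SSLSocket:
    """Hypothetical helper: connect to a caller-supplied fax endpoint and drop
    the connection if the negotiated session is weaker than the policy."""
    raw = socket.create_connection((host, port), timeout=10)
    tls = build_client_context().wrap_socket(raw, server_hostname=host)
    if not session_meets_policy(tls.version(), tls.cipher()):
        tls.close()
        raise ssl.SSLError("session does not meet TLS 1.2 / AES-256 policy")
    return tls


# Constructed (version, cipher) pairs in the shape the ssl module reports them.
SAMPLE_SESSIONS = [
    ("TLSv1.3", ("TLS_AES_256_GCM_SHA384", "TLSv1.3", 256)),
    ("TLSv1.3", ("TLS_AES_128_GCM_SHA256", "TLSv1.3", 128)),
    ("TLSv1.3", ("TLS_CHACHA20_POLY1305_SHA256", "TLSv1.3", 256)),
    ("TLSv1.2", ("ECDHE-RSA-AES256-GCM-SHA384", "TLSv1.2", 256)),
    ("TLSv1.1", ("ECDHE-RSA-AES256-SHA", "TLSv1.0", 256)),
]


def audit_samples():
    """Apply the policy check to each constructed session above."""
    return [session_meets_policy(v, c) for v, c in SAMPLE_SESSIONS]
```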
Ensure the Right Recipient
Verify that you're sending the information to the correct person. Also, follow up with them to ensure their devices and servers are secure and that they will treat the information with care.
Consider Using Electronic Signatures
Electronic signatures reduce the back and forth that accompanies fax transactions that require actual signatures. The fewer documents that are sent, the smaller the cybersecurity risks.
Protect Your Server
If you are still using an in-house server, you must take steps to protect it from cyberattacks to ensure online faxes are safe.
- Constantly upgrade both software and operating system.
- Specify access privileges and make them as restrictive as possible. Not every employee needs access to every document your organization stores.
- Set up virtual private networks so that you can exchange information within the company without any possibility of outside access.
- Use firewall protection.
Using the Cloud
The cloud is a remote server that resides in a data center. Using cloud storage instead of storing documents on an in-house server enhances security. In many cases, using a cloud server transfers responsibility for data security to the third-party data center.
Using a cloud server for storage also helps with tracking documents. You can also easily attach documents stored in the cloud without having to scan them.
Keep Devices Secure
Another way to keep faxes secure is to keep your devices secure as well. You want to limit access so that only authorized people can use computers, tablets, and phones. You also want to ensure you don't leave holes that hackers can exploit.
- Keep software and operating systems updated.
- Use long passwords and never use the same password for more than one account. Don't share passwords by text or email, and lock up any that you write down.
- Don't leave mobile devices unattended. Lock up rooms with computers.
- Keep your phone locked.
- Beware of downloads. Adopt policies and procedures that forbid downloads without the approval of IT departments.
- Enable encryption settings on mobile phones.
- Install anti-virus software.
Protect Your Networks
Protect your wireless router from strangers or hackers to ensure they can't gain access to sensitive information that way.
- Change the router's name from the one the manufacturer gave it to something unique to you or your company.
- Change the default password to something unique.
- Keep the router's software up-to-date.
- Allow only specific devices to access the network.
- Encourage employees to beware of wireless hotspots, which often lack security features. Only log on to networks that require a WPA2 password.
How To Set Up a Safe Protocol in Your Office
Knowing fax safety practices is only effective if you can implement them office-wide. Companies should consider fax and cybersecurity risks just as they do any other risks to their businesses.
Gain Executive Buy-in
The first step in implementing a safe faxing protocol is to gain the buy-in of everyone in the executive suite.
Then, the executive team should empower someone in writing to implement the security plan. It can be an executive within the organization already or a new director of cybersecurity. The key is that the responsibility falls on someone and that other executives agree to support the individual in the task.
Document and Identify Threats
The next step is to document what you need to do. Look at the regulations that govern the types of faxes your organization sends; for example, is sending a HIPAA-compliant fax a requirement?
Go through the organization and identify potential fax safety threats. Then, determine how you will fix them. For example, if you are sending traditional faxes but want to switch to online, will you use a service or invest in the equipment, infrastructure, and security measures yourself?
Gain Employee Buy-in
Also, consider how you will implement the new protocol or incorporate the new service provider into your current workflow. A fax API that easily integrates with existing applications can provide a seamless experience.
Involve employees at all levels to help in establishing the policy; no one likes to feel they are being dictated to from above. Having front-line employee input will lead to better buy-in and a more successful transition.
Once you decide on how to implement protocols, be sure to communicate your decision to the entire workforce. Explain clearly the reasons for your decisions. Realize that some employees may initially see the new procedures as limiting their freedoms; you'll need to convince them that the new protocols protect them from embarrassment, legal hassles, computer viruses, or lost clients, too.
Create a Compliant Written Policy
Establish a written security policy that complies with the legal requirements of your industry. Once you've established the policy, be sure employees read and understand the policy and sign it. The policy should specify password protocols and access permissions and indicate how to secure their laptops and mobile devices. Emphasize the importance of this policy for everyone and describe how you will enforce it.
Monitor Progress
Finally, carefully monitor progress with the new protocols and tweak as necessary. Involving all levels of employees in the monitoring process can be helpful, as well.
Ask for Help
Online faxing can be a powerfully secure way of sending information. You can achieve real digital transformation and send faxes safely and securely. The key, however, is that both the provider and receiver must have the right protocols in place and employees must follow the protocols. Establishing the necessary protocols, securing the necessary equipment, and gaining employee buy-in can be challenging and time-consuming tasks.
The good news is that you don't have to figure out fax safety protocols all on your own. Our experts at mFax can help you create protocols that comply with HIPAA, Sarbanes-Oxley, and Gramm-Leach-Bliley and that easily integrate into your current workflows.
If you want a more secure, efficient, and scalable way to fax or have any questions about faxing or fax security, please contact our fax experts: sales@documo.com. They'll be happy to answer your questions, with no obligation.
Sources:
Computer World: 10 steps to a successful security policy
Centers for Disease Control: Health Insurance Portability and Accountability Act of 1996 (HIPAA)
Free Code Camp: Server Security Tips – Secure Your Server with These Best Practices
FTC: Small Business Computer Security Basics
Mad Security: How to Build a Winning Cybersecurity Program
Panda Security: 8 Mobile Security Tips to Keep Your Device Safe
PC Magazine: How to Send and Receive a Fax Online
Technology Safety: Best Practices on Faxes
Wired: Fax Machines Are Still Everywhere, and Wildly Insecure