Even in the email age, faxing is an excellent way to transmit important documents. Faxes are legally binding, making them a popular choice for attorneys or businesses that want to send contracts remotely. Medical professionals also often communicate with one another using faxes.
However, just as with any technology, you need to ensure that your fax is secure, especially if you're sending sensitive information. You don't want to violate someone's privacy or damage a potential business relationship because your faxing practices aren't safe. Even if you do so by accident, violating someone's privacy can open you up to fines and other legal consequences. For example, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires that businesses ensure the confidentiality of patient information and safeguard against threats to its security. The Sarbanes-Oxley Act also requires that companies protect financial data.
Here are some fax safety tips and best practices.
A fax can be sent either by a traditional method or online. Each method has its pros and cons from the perspective of safety and convenience.
Traditional faxing uses a fax machine and phone line. On the plus side, phone lines are typically less vulnerable to hackers than the Internet. However, paper faxes sent over a machine may easily be picked up by the wrong person on the other end, without the sender knowing the difference. The document also might lie by the fax machine for hours, open to public view. All-in-one machines also often do not support authentication protocols for faxes, which opens them up to malicious faxes that can access the receiver's entire network.
Online faxing involves sending a document directly from the computer; if the document wasn't created on the computer, the user needs to scan it first. You avoid the security challenge of having the document lie on a machine at the other end, but some online methods open you up to a host of cybersecurity challenges. However, if you establish and follow solid security protocols, online faxing will be the most secure option.
As we mentioned previously, a significant security risk of traditional faxes takes place on the receiving end. One way to avoid having a traditional fax picked up by the wrong person is to call the intended recipient just before you send the fax. The phone call will alert them that the fax is coming. If you can, also try to fax only to machines that are in private offices, rather than in a central location. Consider requiring passcodes before someone can access the fax.
Another risk is inherent in how a fax machine works. Fax machines work by scanning documents and transmitting the scanned facsimile to the receiver. Some machines retain the image of the scanned fax on their hard drive. If you lease your fax machine or you own it and later sell it, the new recipient can easily access any data stored on the machine's hard drive.
To mitigate this risk when using a traditional fax or all-in-one machine, look for one that automatically wipes the hard drive. Alternatively, negotiate a contract with your lease provider allowing you to keep the hard drive when the lease ends.
Traditional fax machine protocols have existed for 30 years, and hackers know how to tap into them. According to Wired, the security protocols for fax machines are poorly documented, and many businesses fail to implement them correctly. Hackers can send malicious faxes to all-in-one machines and access the entire network because these machines don't generally allow for authentication protocols for faxes. Keeping software updated on these all-in-one machines can lower the risk somewhat, but not completely.
Online faxing is a secure option when you implement the right protocols on the devices, servers, and Internet connection. Here are some best practices for online faxes.
Encrypting faxes from device to delivery is important and is a regulatory requirement for many types of faxes. Even if hackers gain access to the fax, reading an encrypted fax would take considerable effort. Multiple layers using TLS 1.2 and AES 256-bit encryption are best.
Verify that you're sending the information to the correct person. Also, follow up with them to ensure their devices and servers are secure and that they will treat the information with care.
Electronic signatures reduce the back and forth that accompanies fax transactions that require actual signatures. The fewer documents that are sent, the smaller the cybersecurity risks.
If you are still using an in-house server, you must take steps to protect it from cyberattacks to ensure online faxes are safe.
The cloud is a remote server that resides in a data center. Using cloud storage instead of storing documents on an in-house server enhances security. In many cases, using a cloud server transfers responsibility for data security to the third-party data center.
Using a cloud server for storage also helps with tracking documents. You can also easily attach documents stored in the cloud without having to scan them.
Another way to keep faxes secure is to keep your devices secure as well. You want to limit access so that only authorized people can use computers, tablets, and phones. You also want to ensure you don't leave holes that hackers can exploit.
Protect your wireless router from strangers or hackers to ensure they can't gain access to sensitive information that way.
Knowing fax safety practices is only effective if you can implement them office-wide. Companies should consider fax and cybersecurity risks just as they do any other risks to their businesses.
The first step in implementing a safe faxing protocol is to gain the buy-in of everyone in the executive suite.
Then, the executive team should empower someone in writing to implement the security plan. It can be an executive within the organization already or a new director of cybersecurity. The key is that the responsibility falls on someone and that other executives agree to support the individual in the task.
The next step is to document what you need to do. Look at the regulations that govern the types of faxes your organization sends; for example, is sending a HIPAA-compliant fax a requirement?
Go through the organization and identify potential fax safety threats. Then, determine how you will fix them. For example, if you are sending traditional faxes but want to switch to online, will you use a service or invest in the equipment, infrastructure, and security measures yourself?
Also, consider how you will implement the new protocol or incorporate the new service provider into your current workflow. A fax API that easily integrates with existing applications can provide a seamless experience.
Involve employees at all levels to help in establishing the policy; no one likes to feel they are being dictated to from above. Having front-line employee input will lead to better buy-in and a more successful transition.
Once you decide on how to implement protocols, be sure to communicate your decision to the entire workforce. Explain clearly the reasons for your decisions. Realize that some employees may initially see the new procedures as limiting their freedoms; you'll need to convince them that the new protocols protect them from embarrassment, legal hassles, computer viruses, or lost clients, too.
Establish a written security policy that complies with the legal requirements of your industry. Once you've established the policy, be sure employees read and understand the policy and sign it. The policy should specify password protocols and access permissions and indicate how to secure their laptops and mobile devices. Emphasize the importance of this policy for everyone and describe how you will enforce it.
Finally, carefully monitor progress with the new protocols and tweak as necessary. Involving all levels of employees in the monitoring process can be helpful, as well.
Online faxing can be a powerfully secure way of sending information. You can achieve real digital transformation and send faxes safely and securely. The key, however, is that both the provider and receiver must have the right protocols in place and employees must follow the protocols. Establishing the necessary protocols, securing the necessary equipment, and gaining employee buy-in can be challenging and time-consuming tasks.
The good news is that you don't have to figure out fax safety protocols all on your own. Our experts at mFax can help you create protocols that comply with HIPAA, Sarbanes-Oxley, and Gramm-Leach-Bliley and that easily integrate into your current workflows.
If you want a more secure, efficient, and scalable way to fax or have any questions about faxing or fax security, please contact our fax experts: sales@documo.com. They'll be happy to answer your questions, with no obligation.
Computer World: 10 steps to a successful security policy
Centers for Disease Control: Health Insurance Portability and Accountability Act of 1996 (HIPAA)
Free Code Camp: Server Security Tips – Secure Your Server with These Best Practices
FTC: Small Business Computer Security Basics
Mad Security: How to Build a Winning Cybersecurity Program
Online Fax.org: How to Send and Receive a Fax Online
Panda Security: 8 Mobile Security Tips to Keep Your Device Safe
PC Magazine: How to Send and Receive a Fax Online
Technology Safety: Best Practices on Faxes
Wired: Fax Machines Are Still Everywhere, and Wildly Insecure