It was only a few weeks ago that I saw a fax come into our office that got my mind spinning: Are faxes really a secure way to send, well, anything?
The idea of sending an image over wires is old, very old. In fact, the predecessor to today's fax machines were in use before Alexander Graham Bell invented the telephone. To put some perspective on that, a form of fax technology was in use in Europe at the time the US Civil War was ending.
Certainly the technology in use today, a full 150 years later, must be better? The answer isn't a simple "yes" or "no."
The quality, speed, and reliability of fax machines has improved by leaps and bounds since its inception. Even in this high-tech year of 2019 we find a large segment of health care, legal, insurance, and government agencies relying on fax technology every day. Fax technology is reliable, but is it secure?
In short, the answer is "no." Let's take a very quick look at some of the common security issues with faxing.
Traditional faxing (fax machine to fax machine) lacks any type of encryption. The standard fax protocol is shared across the industry. Simply gaining access to a fax machine's phone line (tapping) would allow all data transmitted to be accessible.
Sending and receiving faxes by email has gained a lot of traction in the last decade. The ability to send and receive faxes on one's computer has virtually eliminated the need for a physical fax machine. Many third party providers allow their customers to send a fax by emailing a document to a specific domain. This could be achieved, for example, by sending an email with an attachment to an address like: email@example.com. The service provider then faxes the attached document to the phone number provided (315-555-1212) as part of the email address. There are a number of security failures with this method, the most notable and obvious being the use of unencrypted email which, unlike a traditional fax, exists long after the initial transmission has taken place.
There are more secure faxing options out there. Vanguard Research & Title Services, Inc. uses a service that allows us to securely upload our documents for faxing as opposed to emailing them. This secure connection eliminates security issues on our end but unfortunately does nothing to address them on the recipients' side of the communication. Unless the recipient is using a similar service, receipt of these fax transmissions by traditional fax or email results in a huge gap in security.
Fax technology must be considered a part of your cybersecurity plan. Due to the high probability of a security failure on the part of the sender, recipient, or method of transmission, it's probably time to say goodbye to your fax machine.
The author welcomes comments and discussion.
To provide comments, Email the author: firstname.lastname@example.org.
The author reserves the right to edit or reject material provided.