Recently, I was working on a Cosaint end-user awareness course about fax security – when it’s safe to use a fax, how to protect faxed information … But, as I worked on it, I became increasing convinced that it’s never safe to use a fax for sensitive information. Tell me if you think I’m over-reacting.
Some of the security risks with faxes are pretty obvious. For instance, you could mistakenly send your fax to the wrong place (reversing digits in a phone number is surprisingly common), the fax might be picked up by the wrong person at the other end (how many fax machines have you seen in common areas, or unattended cubicles?), or you might forget to pick up the documents from your own fax machine after you’ve sent them (been there, done that!).
But here are some other things that struck me as I worked on the course.
- Faxes can be intercepted in transmission down a regular telephone line relatively easily, and at relatively little cost – some sources have put the cost of equipment to do this as low as $20. So, if a hacker/criminal can gain access to the telephone line – perhaps in a wiring closet in your office building – they can intercept and read faxed documents.
- Maybe you use a VOIP service such as the phone service provided by your cable TV company. Now, you’re sending the information across the Internet so you’re no more secure than if you sent it to a website using an unencrypted web browser session. And I don’t think many of us would feel comfortable with (say) logging on to our online bank account unless it was using SSL encryption.
- Some people/organizations receive faxes using an Internet service that converts them to PDF files, and then forwards the PDF file to the recipient by email. So it’s no more secure than any other email or file transferred across the Internet.
- To get around this problem, some Internet fax services use encrypted files rather than PDF files. That’s a step in the right direction, but your fax transmission could still be intercepted before it reaches the server that’s going to encrypt it!
- Finally, some fax machines retain scanned faxes in memory after they’ve been sent. This might allow people to access them without your knowledge – a significant problem if you plan to use a fax machine in a public place such as a copy shop.
Given these problems, I don’t see how we can ever regard faxed information as secure. Or am I missing something?