How the wrong encryption can affect your fax security and compliance
The distinction between SSL and TLS is more than a technical upgrade and can actually mean the difference between your digital communications being safe from cyber criminals and compliant with federal regulations
When it comes to transmitting secure data over the Internet, the data-encryption protocol SSL (Secure Socket Layer) had a great run.
It enjoyed a long life as the preferred method of protecting digital communications over the Internet — from the early days of the World Wide Web until very recently.
But with the exponentially increasing amount of highly sensitive data flying through cyberspace — personal information like banking details, medical records, confidential business data such as Personally Identifiable Information — the need has grown for an even stronger data-encryption protocol than SSL.
Which brings us to the far stronger TLS, or Transport Layer Security.
The two protocols are still referred to interchangeably by many in the IT profession, largely because their processes are so similar. (In addition to encryption keys that render transmitted data to nothing but a a data blob to anyone but authenticated recipients, the primary difference from SSL is that TLS eliminates key security vulnerabilities which can be exploited by cyber hackers to break into your back-end systems and steal customer information, or spoof being stolen customer’s information to commit identity fraud.
The degradation of SSL v3.0 technology — and what it means for your fax security
As this recent feature on SSLv3 from NIST (the National Institute of Standards and Technology) explains, the US government’s official position is that this SSL is now vulnerable and open to attack from hackers. The most high-profile example is the “POODLE” attack, discussed in this alert from the Department of Homeland Security. The POODLE attack takes advantage of a flaw within many web servers and browsers that allows a form of ‘Man-in-the-Middle’ attack where essentially user session cookies are stolen and used to create a new session in the web server, emulating a user (or your customer) from which the cookie was stolen.
Indeed, the newest versions of Transport Layer Security — TLS 1.1 and 1.2 — are considered so much more effective at data protection that since their introduction theUS government has mandated their use for government communications over the Internet.
So, why should you care?
If you’re planning to move your business fax infrastructure to a cloud fax solution, it is vital for the security — and possibly even the regulatory compliance — of your faxes that you check first to make sure the online fax solution you’re considering offers these two security protocols:
1) TLS encryption is the minimum connection protocol used for transmitting your faxes electronically (by email or online).
2) AES (Advanced Encryption Standard) 256-Bit encryption of your fax data while at rest.
You can find both of these leading encryption standards to protect all of your business faxes — both in transit and while at rest in secure cloud storage — from eFax Corporate’s secure fax product, provider of a strong portfolio of online faxing solutions and the trusted fax partner for businesses in the most heavily regulated industries.
