In 2017…. and Beyond.
Secure communications, secure messaging and secure data storage all took the spotlight once again in late 2017, when hackers accessed the networks of credit-reporting agency Equifax and stole sensitive personal information on more than 140 million Americans.
You don’t need to be an IT professional to know that it’s becoming increasingly difficult even for the most sophisticated businesses to secure communications, either internal or external, against the ever-sharpening skills of cybercriminals. The average person who checks in on the national news now and then has probably heard about at least some of the recent security breaches affecting millions of individuals — like the massive hacks of Yahoo, Google and Instagram, to name just a few.
But this recent Equifax hack can serve as a reminder to all businesses about the need to remain vigilant in guarding every aspect of their digital environments. Maintaining secure communications, secure messaging and secure data storage is an essential part of protecting a business’s reputation, its customers’ sensitive information, its compliance with government regulators — and, ultimately, the company’s bottom line.
So let’s use this latest high-profile data breach as an opportunity to discuss how to secure communications across many of the most common formats — including email, text, video and faxing.
First, though, let’s review one important but often-overlooked part of maintaining secure communications.
One Often-Overlooked Factor Needed for Secure Communications and Secure Messaging
When businesses think of secure messaging and secure communications — encrypting corporate emails, for example — they are typically thinking specifically about making sure those messages travel securely.
But it’s important to remember that after they’ve been delivered — whether they’re inbound or sent messages — digital copies of your employees’ emails (or texts or faxes or even voicemails) will remain on your corporate network as stored data (which may or may not be secured properly). And your business needs to put just as much effort into securing messages once they become stored data as it does on securing these messages in transit — in no small part because your communications are much more likely to be hacked while they’re at-rest, stored as digital data on your networks.
Now let’s examine a couple of best practices for maintaining secure messages and secure communications in their most common formats across your organization.
Secure Text Messaging
Is text messaging secure? It can be, if you implement a Secure Messaging Policy that governs your employees’ use of texting to send and receive company-related data.
These corporate governance policies vary from company to company, but the best practices should include at least the following steps.
The business should first deploy a secure messaging app company-wide — both installing it on all company-issued mobile devices and implementing a policy that any employee who uses their personal device to transmit, view or store company data must also install the secure app.
The company should then conduct employee training on how the secure texting app works, the specifics of the company’s text-messaging guidelines, and what to do if an employee’s device is lost or stolen.
Remember, every text message sent or received from your employee’s smartphone or tablet becomes a stored digital record — a record that could contain sensitive or proprietary data —which will remain on that device until deleted. So it’s important to put a system in place to ensure that message is secure at all times.
The answer, as with text messaging, is that it can be — provided your organization implements a few best practices for secure email.
One of your first steps to maintaining secure email across your company should be to train your staff to avoid the common employee mistakes that can give hackers the access they want — such as not opening attachments and never clicking on links in messages from senders they don’t know, and how to create complex passwords. (The hackers who targeted the Clinton’s campaign’s email network were apparently aided by the fact that the campaign’s chairman chose “PASSWORD” as his email password.)
Additional best practices include deploying enterprise-caliber spam-filtering and anti-virus software, leveraging secure servers and advanced encryption for your corporate emails, and establishing and enforcing staff procedures governing when, where and how your employees can email company-related data.
While many IT professionals understandably wonder if there’s any way to truly secure text messaging and email on their corporate networks, few of these businesses ever consider that their videoconferences might also be at risk from cybercriminals.
But they are.
Hackers have employed all sorts of tactics to either disrupt or gain access to the virtual meetings that businesses are increasingly conducting via videoconferencing tools.
A sophisticated hacker can conduct a DOS (Denial of Service) attack on a company’s video servers, or attack its operating systems, in an attempt to disrupt the business’s ability to communicate. A cybercriminal can also gain entry to an organization’s network and then simply eavesdrop on its video conferences, if those communications are not encrypted or otherwise secured.
Best practices for securing video communications, therefore, will include the steps your organization would take to secure any aspect of its network — firewalls that protect any device used to participate on a video conference, advanced encryption certificates (such as TLS) for your videoconferencing servers, and the strongest possible authentication and encryption for your audio and video clients.
Finally, there’s faxing, the document transfer protocol that most businesses — particularly those in regulated industries like healthcare, financial services, real estate, law and of course Government — still use every day.
The frustrating answer to the question — Is faxing secure? — is that it can be, in theory, but in practice it often isn’t. That’s because even though most businesses still fax every day, this communication protocol has remained so unchanged over the decades and still operates on such antiquated processes that few IT departments give it much thought at all.
But these businesses should be thinking about their faxing infrastructure — because a legacy fax environment can create several gaps in secure messaging.
Paper-based fax documents left sitting on an office fax machine or multifunction printer for example, can create both a security and compliance risk for that company. The “images” stored on a fax machine representing the documents it has transmitted is also another vulnerability for a business’s sensitive data — because those fax machine hard drives are typically not secured.
Even an in-house fax server can create security vulnerabilities — if the server is not encrypted, for example, or even if it is but an employee prints out hard copies of the transmitted faxes to clear disk space and does not immediately secure those hard copies.
So, what are the best practices for business fax security?
Your first step should be to upgrade your organization’s fax infrastructure to a secure cloud fax platform or service — like ours from eFax Corporate, which has been the partner of choice for Fortune 500 firms and more highly regulated businesses than any other cloud fax solution.
When you deploy eFax Corporate, the rest of your organization’s secure faxing best practices will pretty much take care of themselves. Our platform lets your employees send and receive faxes by email, using the most sophisticated security protocols available for both transmitting and storing your fax documents. Indeed, when you set your employees up with the eFax Corporate solution, faxing will become one of your company’s most secure communications protocols.
The unparalleled security and regulatory compliance of our cloud faxing platform is one reason that for nearly two decades eFax Corporate has been the most widely used fax-by-email service of the healthcare, finance, real estate and legal industries.