Will paper records lead to a security breach at your company?
In the digital age, it seems that everyone can know almost anything about anyone. Social media usage has made it effortless to stay on top of every thought and every move of the people we connect with.
Tell us you didn’t share pictures of the chocolate lava cake from last night’s dinner.
Mountains of data also open countless possibilities for businesses, but every coin has two sides, and all this information also carries serious responsibilities and monumental risks.
Data breaches have become a new watchword for business in the modern era. The magnitude of breaches continues to grow and the consequences for business are major.
The average cost per record breached is $237 per record, according to the Ponemon Institute, but the cost can vary widely by industry. But that is only the beginning of your woes should your company find itself in that situation, since the cost to resolve a data breach is another $258. So that is at least $500 per record, and with many digital data breaches revealing hundreds, thousands and sometimes even millions of customer records, the costs can quickly escalate. The average total cost per event has reached nearly $8 million. Even worse, those out of pocket costs don’t take into account the damage to your organizations’ reputation, which can impact future sales.
Data breaches can happen in a number of ways. One of the most common is people falling for phishing email that lead them to reveal their account logins and passwords. It seems no matter how much training is done, there is always one or two employees that always fall for it, and it only takes one to allow malicious activity into the network.
Third party vendors whose security practices that are not properly vetted are another avenue that can come back to bite the unsuspecting IT manager. And then there are the previously unknown backdoors that nobody knew about before. We will discuss one of those further on that may surprise you.
Paper risks are still significant
While digital data breaches account for the vast majority of records breached, the risks posed by paper records are still significant and should not be overlooked. The typical scenario goes something like this – boxes containing thousands of paper records from a national chain store, containing personally identifiable customer details like names and addresses, credit card data and even social security numbers, are discovered in a dumpster behind a strip mall. The customers involved are at risk for identity theft. The story gets picked up by the local media and goes viral, and the business is found to be in violation of multiple statutes aimed at protecting consumer privacy.
It may be surprising to know that, even in the digital age, many operations still rely on a medium that dates back to the Middle Ages. For one reason or another, these organizations continue to print, sort and file paper records. Those records are at risk of theft and loss. While not quite as old, many businesses also continue to send paper records and forms through fax.
The use of fax is especially noteworthy in regulated industries that have prohibitions against sending personally identifiable customer information by email, such as banks and finance companies, as well as mortgage brokers, law firms, insurance agents, accountants, schools, healthcare providers, and so on. The alternatives are paper mail, which is slow, courier and package delivery services, which are expensive, and fax, which is fast and cheap.
Legacy fax machines can leave your operation vulnerable to a data breach in a number of ways, some of which may seem surprising, if not completely obvious. Fax lines are generally secure, but once that paper slips into the tray, the possibilities for data breach open up.
The many ways paper fax fails to protect privacy and security
How do fax machines leave your company vulnerable to a data breach? Paper sitting in a fax tray is:
- Vulnerable to prying eyes.
- Vulnerable to theft or unauthorized access.
- May be mis-delivered or misfiled.
- Pagers can be mixed up, damaged or lost.
Once delivered and stored, paper in a file cabinet is not much better. Filed paper:
- Is not restricted
- Can be damaged
- Is not subject to automated retention policies
- Leaves no audit trail
- Easily stolen
If that is not enough to finally pull the plug on your legacy fax machines, it has recently been discovered that the phone lines connecting those devices, which include multi-function printers with fax capability, can be used as an avenue for malware that completely bypasses the corporate firewall.
To solve the paper problem, look to the cloud
Some of you may think that getting rid of the paper will solve the problem. We’ve heard stories of users faxing documents to themselves to create a digital copy, or hiring runners to get documents to or from the fax machine.
Unfortunately, switching to email is not a suitable solution in many cases. And runners are really only good for one thing: running.
Here’s another eye opener: Many users may not realize that email is insecure by default. Without encryption, email leaves your documents vulnerable when they are at rest and in transit. This starts when you send them from your computer and continues even after the message has been received by your recipient’s mail server.
So what to do?
The good news is that business has another option.
Cloud faxing offers business the advantages of sending and receiving sensitive documents digitally, from desktop to desktop, under the protection of secure transmission protected by strong encryption and authentication protocols, this protects you from all the vulnerabilities of paper documents both during their transmission and while they are at rest, but only if the cloud provider offers this capability and implements it correctly
Of course, not all cloud fax products are created equal.
The eFax Corporate Solution
eFax Corporate® is an enterprise grade provider of online fax services, trusted by nearly half of the Fortune 500 companies and serving more than 11 million customers worldwide. eFax Corporate offers a number of protections against data breaches, including a new RESTful API, the strongest NIST-approved encryption standards for data in motion and at rest, and a secure, compliant, and redundant global cloud fax network.
To learn more about how eFax can help your company avoid data breaches, read our white paper, Balancing Productivity, Compliance and Security in a Paper World.