Why Faxing is Less Secure Than Email

coliver

I'm researching about securing PII and policies surrounding that today. Basically every government and business who is liable for PII has a clause that says, "Don't Fax this!" They recommend you encrypt the file itself and then email it.

JaredBusch

@coliver said in Why Faxing is Less Secure Than Email:

I'm researching about securing PII and policies surrounding that today. Basically every government and business who is liable for PII has a clause that says, "Don't Fax this!" They recommend you encrypt the file itself and then email it.

But that is a completely unworkable solution at scale because that prevents the recipient from being able to easily decrypt the file.

coliver

@JaredBusch said in Why Faxing is Less Secure Than Email:

@coliver said in Why Faxing is Less Secure Than Email:

I'm researching about securing PII and policies surrounding that today. Basically every government and business who is liable for PII has a clause that says, "Don't Fax this!" They recommend you encrypt the file itself and then email it.

But that is a completely unworkable solution at scale because that prevents the recipient from being able to easily decrypt the file.

Pretty much. I just found it funny that the consistent thing was to not fax it and encrypt it. Some of them recommended 7zip or winzip encryption and relaying the password via a different medium.

JaredBusch

@coliver said in Why Faxing is Less Secure Than Email:

Pretty much. I just found it funny that the consistent thing was to not fax it and encrypt it.

Oh yes, that part is such a given to me that I did not react to it.

JaredBusch

@coliver said in Why Faxing is Less Secure Than Email:

Some of them recommended 7zip or winzip encryption and relaying the password via a different medium.

A perfectly viable solution to suggest. Just cannot scale.

coliver

@JaredBusch said in Why Faxing is Less Secure Than Email:

@coliver said in Why Faxing is Less Secure Than Email:

Pretty much. I just found it funny that the consistent thing was to not fax it and encrypt it.

Oh yes, that part is such a given to me that I did not react to it.

It seemed relevant to the topic at hand and It was something I hadn't really research before.

travisdh1

@coliver said in Why Faxing is Less Secure Than Email:

@JaredBusch said in Why Faxing is Less Secure Than Email:

@coliver said in Why Faxing is Less Secure Than Email:

I'm researching about securing PII and policies surrounding that today. Basically every government and business who is liable for PII has a clause that says, "Don't Fax this!" They recommend you encrypt the file itself and then email it.

But that is a completely unworkable solution at scale because that prevents the recipient from being able to easily decrypt the file.

Pretty much. I just found it funny that the consistent thing was to not fax it and encrypt it. Some of them recommended 7zip or winzip encryption and relaying the password via a different medium.

Winzip encryption? Poor people really have no clue, huh? At least 7zip uses something that will take me longer than a couple minutes to break.

JaredBusch

@coliver said in Why Faxing is Less Secure Than Email:

@JaredBusch said in Why Faxing is Less Secure Than Email:

@coliver said in Why Faxing is Less Secure Than Email:

Pretty much. I just found it funny that the consistent thing was to not fax it and encrypt it.

Oh yes, that part is such a given to me that I did not react to it.

It seemed relevant to the topic at hand and It was something I hadn't really research before.

Stop being relevant. We don't do that here past post 2.

coliver

@JaredBusch said in Why Faxing is Less Secure Than Email:

@coliver said in Why Faxing is Less Secure Than Email:

Some of them recommended 7zip or winzip encryption and relaying the password via a different medium.

A perfectly viable solution to suggest. Just cannot scale.

Agreed, this is really where things like ERPs and CMS' come into play. If it is centralized then there should be no need to be emailing this information around.

Jason

@scottalanmiller said in Why Faxing is Less Secure Than Email:

@BRRABill said in Why Faxing is Less Secure Than Email:

@Dashrender said

Tapping a phone line once it reaches a neighborhood hub is anything is trival I'm guessing. But the main point that I want to point out here is that tapping a phoneline requires physical access to something, somewhere in the path to make happen. This requirement makes the cost significantly higher than trying to get access to say email, through the previously mentioned malware attack.

Pretty easy to get access to phone lines if you are in any sort of business complex.

Even if you are not. In rural areas it is especially easy to tap lines. There is even equipment that allows you to tap the lines without climbing the poles, you can do it, touchless, from the ground!

Our buliding here is in a rural area.. but because we are the biggest company around Verizon brought the whole trunk of lines multiplex in to our buliding incase we need all of them we would have them.. there are resturants, stores, and urgent medical care centers all around us. all of their analog lines both phone and fax come into our building and we could listen in from the NID

JaredBusch

@Jason said in Why Faxing is Less Secure Than Email:

@scottalanmiller said in Why Faxing is Less Secure Than Email:

@BRRABill said in Why Faxing is Less Secure Than Email:

@Dashrender said

Tapping a phone line once it reaches a neighborhood hub is anything is trival I'm guessing. But the main point that I want to point out here is that tapping a phoneline requires physical access to something, somewhere in the path to make happen. This requirement makes the cost significantly higher than trying to get access to say email, through the previously mentioned malware attack.

Pretty easy to get access to phone lines if you are in any sort of business complex.

Even if you are not. In rural areas it is especially easy to tap lines. There is even equipment that allows you to tap the lines without climbing the poles, you can do it, touchless, from the ground!

Our buliding here is in a rural area.. but because we are the biggest company around Verizon brought the whole trunk of lines multiplex in to our buliding incase we need all of them we would have them.. there are resturants, stores, and urgent medical care centers all around us. all of their analog lines both phone and fax come into our building and we could listen in from the NID

Having worked as an alarm installer for 7+ years I too know how common this is.

I wander into the phone room and start clipping on to various pairs looking for the # I am supposed to use and end up finding all kinds of things that are not part of the company I am there working for.