Security
Headlines
HeadlinesLatestCVEs

Headline

Cloud fax company claims healthcare pros are ditching email for ‘more secure’ fax

The fax is dead. Long live the online fax? A new study suggests many healthcare professionals believe that flaws in today’s web security landscape are prompting a return to what’s been deemed an “extr

PortSwigger
#vulnerability#web#mac#git#pdf#zero_day#ssl

The fax is dead. Long live the online fax?

A new study suggests many healthcare professionals believe that flaws in today’s web security landscape are prompting a return to what’s been deemed an “extremely” secure medium: fax.

Published earlier this month, eFax research surveyed 1,000 IT and business decision-makers in the UK and Europe.

According to the report (PDF), 62% of respondents in the healthcare sector said that security was the major reason for a “migration” to cloud-based fax systems, and 21% of those surveyed believe that digital fax systems are “extremely” secure.

What is ‘cloud fax’?

Cloud faxing removes the need for on-premise equipment on both sides of a transmission. The gist is that users can send a fax quickly, via an online service, to be viewed and/or printed by the recipient.

Among fax users in healthcare, 37% of respondents said they use “cloud-based fax” systems, while 21% use both cloud and traditional faxing.

The research is the work of eFax, a company that uses the slogan: “The fast & easy way to send and receive faxes by email”.

It’s interesting, then, that the company’s own research says: “One of the main problems with email is its increasing vulnerability to interception, hacking, and fraud.”

“eFax is an internet fax service that eliminates the need for a fax machine, extra fax line, and all the associated expenses,” the company says. “Get a real local or toll-free fax number to send and receive faxes as email attachments. Online faxing is more reliable, secure, and convenient than analog fax machines.”

Blurred lines

When you send a test eFax ‘fax’, you receive an ‘incoming’ fax email with a PDF attached. Faxes can be sent to a phone number or online assignment number and can be accessed via email, the eFax portal, mobile app, or a standard fax machine.

Overall, a third of respondents (37%) said fax usage was likely to increase in the future – but 35% also said there might be a decrease.

However, while eFax appears to be trying to separate email and fax security, the line between what can be considered a fax message, or just an email, has been blurred.

Read more of the latest email security news

Traditional fax machines were considered secure in the past as they were ‘dumb’, internet connections were dial-up or nothing, and contained limited, analog functionality.

But the moment you connect a fax ‘number’ to a digital channel – whether this is an online portal accessed through a browser, email account, or app – there is always a risk of compromise.

When the study was published, Scott Wilson, vice president of sales and service at eFax, commented:

It’s clear that email is the established and widely accepted format for most communications, but it’s flawed and vulnerable to interception and hacking. Cloud faxing is more secure than email not least because fax infrastructure has limited exposure to the internet and internet-connected devices.

‘Encryption is king’

Using a fax number to send a message rather than an email address might not be traceable to a specific company department or user, and so could mitigate the risk of targeted attacks.

Sending a document directly to a physical fax machine, too, might have some perceived advantages – but it does not take away the risks of its underlying, digital infrastructure.

When asked by The Daily Swig how eFax differs from standard email, and what security or encryption measures are in place, the eFax did not respond. (The firm’s help center, however, does mention TLS and some form of encryption.)

Simon Mullis, CTO of Venari Security, commented: “Cloud-based fax systems are a resourceful way to ensure the secure communication of confidential information, but for most encryption will be king.

“With 25% of healthcare organizations saying they rely on email encrypted software, it’s important to recognize the role of end-to-end encryption in ensuring higher levels of security and privacy, while also remaining compliant of regulations like GDPR.”

Cloud fax services can be quicker, cheaper, and more convenient for businesses that don’t want to rely on analog lines. However, the jury’s out on whether digital ‘faxes’ are any more, or less, secure than email – especially when both would depend on the implementation of basic security measures such as end-to-end encryption.

YOU MIGHT ALSO LIKE Zero-day flaws in GPS tracker pose surveillance, fuel cut-off risks to vehicles

PortSwigger: Latest News

We’re going teetotal: It’s goodbye to The Daily Swig