When the fax machine was first introduced in the 1980s, it was considered magical. Definitely, FedEx would be going out of business shortly. However, no one thought about the potential security and privacy issues of floating private correspondence around so casually. Faxes collected in the receiving tray of a fax machine for everyone to see. You could go through every fax to see if there was something interesting, or some company secrets, or even a hot sales lead. Someone could grab a fax and no one would know. They could be stolen, or at least, copied. There was not much fax security.
The real estate industry traditionally gets a lot of faxes. They can collect in a public fax tray or company mailboxes. That might include a lot of sales leads and personal financial information. Definitely a security issue. Some Realtors would grab leads addressed to others. They called it ‘fax farming’. Browse through all the faxes during the day and you might find something useful.
Now, we have e-mail fax services. The fax comes right into your inbox as a PDF file and no one can see it. However, your e-mail service is where the security vulnerability exists. If your e-mail gets compromised, then the fax is also exposed.
Another potential vulnerability is from the fax providers that offer online storage of all your faxes. You probably don’t need copies of your company and customer correspondence stored on a server that you have no control over. Some fax providers will delete all your faxes from their servers after they are delivered. That’s a totally secure fax. Then, once a fax is in your e-mail, your personal security and virus protection programs should take over. That’s something you can manage and control.
HIPAA compliant faxing is mandated throughout the medical industry. You need to set up a private account with a secure portal and log into it every time you receive a fax. You log in, enter a username, password, click a few buttons, etc. That makes the fax secure during transmission, no one can intercept the fax without the proper credentials. Some offices would debate the need for a HIPAA-compliant portal because their e-mail system is fully secure. It’s a debate on the merits of double security, but there are regulations that might force this.
However, after all that, the fax is downloaded to your local computer. So, the faxes are still susceptible to getting compromised on your system. But the actual transmission of the fax is secure, unless someone gets your password.
So, the best practice for keeping your faxes secure is to delete them from your e-mail after you download them to your local computer. Keep all your files on one system with good security and frequent backups. And, of course, change your password occasionally.