Another security hole worth plugging

There's no pretty way to tell you this: Today's topic is your fax machine.

Still with me? . . . Nice to know you have faith in my judgment.

Fax machines are the Rodney Dangerfield of office technology for good reason: Many of us rarely use them any more; many of us find them maddening when we do use them; and many of us who cover IT for a living would rather write about wastebaskets than fax.

Nevertheless, I find myself drawn to the story being told by a start-up called Link2it, which recently began shipping an appliance that promises to plug one of the business world's most pesky security/privacy holes: yes, the fax.

"The most obvious security hole is one that everybody just assumes there is nothing you can do about," says Larry Heimendinger, Link2it's chairman. "I just don't know if the people who run businesses fully understand how vulnerable the information in their business is when they have fax machines around. Everybody just trusts in the good graces of their employees."

He illustrates his point with an anecdote about a bank that was testing his company's appliance - without informing bank employees - and discovered that a previously trusted manager was sending and receiving faxes on a regular basis that to the untrained eye appeared written in code. The bank was sufficiently alarmed to confront the fellow, who immediately copped to using the fax machine to play long-distance chess. He told his interrogators: "I figured you'd catch me if I used e-mail, but thought I was completely safe using the fax machine."

Little imagination is needed to envision a more serious breach, especially in this day of heightened federal regulation of privacy and security practices.

Link2it Corp.'s appliance, Fax2it (size: 13.4 by 10.8 by 2.4 inches), hangs off any fax machine and is attached to your network. It takes incoming and outgoing faxes and creates e-mail attachments of them that are then sent to dedicated inboxes. You need one appliance per machine, and at about a grand apiece they are not inexpensive - although Heimendinger argues they're less costly than buying and running fax servers.

Fax2it won't stop anyone from faxing anything, but it does create a repository of copies that will be easily searchable with software that Link2it has coming in the fall, Heimendinger says. It also will disavow employees - chess players and the more nefarious alike - of any notion that the fax is an unmonitored channel.

A number of issues promise to create rough sledding for Link2it: simple inertia on the part of customers, that price tag and the fact that privacy regulations such as HIPAA do not explicitly cover fax.

That could change in a heartbeat, though, the first time a company loses a lawsuit because it didn't close this particular barn door.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Show Comments