How to prevent fax machines from becoming your network weak point

An organization’s fax lines can serve as yet another potential entry point for hackers. The vulnerability allows hackers to take over a fax device (dedicated fax machine or multifunction device) and spread malware through entire corporate networks.

Here are some steps to take to ensure your organization is protected.

Determine which fax devices are being used in your organization
These are the devices that have been sitting there with virtually no security in place and have likely fallen under the IT radar, but still could serve as an entry point. Once these devices have been located, unplug the phone lines from the ones not actively used for faxing.

Check for manufacturer security patches
Once the fax-capable and connected devices have been identified, make sure to follow through with any and all of the latest security patches. It is also a good idea to stick to a regular patching schedule. Use network segmentation to keep your faxing separate and under control. Keeping the organization’s faxing devices on a segmented subnetwork not only prevents fax traffic from reaching the general network, it also makes your fax transmissions easier to track. Network segmentation can prevent vulnerabilities like “Faxploit” and also help maintain compliance with regulations like the GDPR.

Consider FoIP solutions
For organizations that rely on faxing, it is time to consider the options. Centralized fax over internet protocol (FoIP) solutions come with several advantages over traditional faxing, mainly that they’re inherently more secure. They centralize communications to a single entry point, enabling organizations to reinforce their critical communications with the same security measures applied to their network. Centralized fax solutions are also easier to protect, update and monitor.   

Sébastien Boire-Lavigne is EVP and CTO for XMedius.

This article originally appeared in the Nov/Dec issue of Canadian Security.