Despite the many intricate and hardened systems that are put in place to secure electronic documents and verify the accuracy of their contents, there is a gaping vulnerability in almost every system: the fax machine.
Just about anyone who has read Greek mythology (or seen the Brad Pitt movie Troy) is familiar with the story of Achilles. He was a mighty warrior who was destined to lead the Greeks against the Trojans in the battle for the abducted Helen. And to die there.
Perhaps the best-known part of the story is that his mother tried to protect him by dipping him into the river Styx in the Underworld, where all but the heel she used to hold him became invulnerable. Of course, as Murphy’s Law dictates, eventually an arrow found his heel and he died in battle anyway.
The point of the story is that no matter how carefully we plan, and no matter how much we try to protect ourselves from harm, it’s important not to overlook the simple things that may seem insignificant on the surface but may be our undoing in the end.
This is a particularly important lesson for those charged with assuring that their organization meets Section 404 and other requirements of the Sarbanes-Oxley Act. Because despite the many intricate and hardened systems that are put in place to secure electronic documents and verify the accuracy of their contents, there is a gaping vulnerability in almost every system: the fax machine.
Think about it. What types of documents are normally sent via fax rather than e-mail? Normally they are legal documents, such as contracts, letters of agreement, purchase orders, submitted RFPs, and other documents that require a signature for verification. In other words, they are key documents that affect both the financial and legal health of the organization.
Now think about where that fax machine sits. Usually, it is in a common area such as a mail room, on top of a file cabinet, or in a passageway between offices or cubicles –- somewhere that allows anyone walking by to see the contents of those important legal or financial documents. Beginning to shudder yet?
Next think about the form factor of those key corporate documents. They come in as paper. Which means they can be easily lost, misplaced, or misfiled. They can also be accidentally gathered up and thrown out with the daily newspaper or the debris from your lunchtime sandwich. Even if they are properly filed they can be difficult to access quickly if you have to endure an audit -– particularly if you are in an industry, such as mortgage brokers and insurance companies, that sends and receives a large number of faxes each month. And before they get to their intended recipients, how many sets of eyes with low security clearances will they pass in the process of getting from the machine to the right desk? Talk about a lack of internal controls!
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.
InformationWeek Tech Digest, Nov. 10, 2014Just 30% of respondents to our new survey say their companies are very or extremely effective at identifying critical data and analyzing it to make decisions, down from 42% in 2013. What gives?