Despite the many intricate and hardened systems that are put in place to secure electronic documents and verify the accuracy of their contents, there is a gaping vulnerability in almost every system: the fax machine.
Just about anyone who has read Greek mythology (or seen the Brad Pitt movie Troy) is familiar with the story of Achilles. He was a mighty warrior who was destined to lead the Greeks against the Trojans in the battle for the abducted Helen. And to die there.
Perhaps the best-known part of the story is that his mother tried to protect him by dipping him into the river Styx in the Underworld, where all but the heel she used to hold him became invulnerable. Of course, as Murphy’s Law dictates, eventually an arrow found his heel and he died in battle anyway.
The point of the story is that no matter how carefully we plan, and no matter how much we try to protect ourselves from harm, it’s important not to overlook the simple things that may seem insignificant on the surface but may be our undoing in the end.
This is a particularly important lesson for those charged with assuring that their organization meets Section 404 and other requirements of the Sarbanes-Oxley Act. Because despite the many intricate and hardened systems that are put in place to secure electronic documents and verify the accuracy of their contents, there is a gaping vulnerability in almost every system: the fax machine.
Think about it. What types of documents are normally sent via fax rather than e-mail? Normally they are legal documents, such as contracts, letters of agreement, purchase orders, submitted RFPs, and other documents that require a signature for verification. In other words, they are key documents that affect both the financial and legal health of the organization.
Now think about where that fax machine sits. Usually, it is in a common area such as a mail room, on top of a file cabinet, or in a passageway between offices or cubicles –- somewhere that allows anyone walking by to see the contents of those important legal or financial documents. Beginning to shudder yet?
Next think about the form factor of those key corporate documents. They come in as paper. Which means they can be easily lost, misplaced, or misfiled. They can also be accidentally gathered up and thrown out with the daily newspaper or the debris from your lunchtime sandwich. Even if they are properly filed they can be difficult to access quickly if you have to endure an audit -– particularly if you are in an industry, such as mortgage brokers and insurance companies, that sends and receives a large number of faxes each month. And before they get to their intended recipients, how many sets of eyes with low security clearances will they pass in the process of getting from the machine to the right desk? Talk about a lack of internal controls!
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
2017 State of IT ReportIn today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.