Share This:

When it comes to technology, IT organizations are focused on the newest, fastest, and safest. But, for the rest of us, it is often a different story. According to a recent eFax study, there are 43 million fax machines still in use in the world today. Further, old copy machines still sit in offices, and even the once cutting-edge Telex is still being used in maritime settings. And the continued use of legacy technologies like these is creating headaches for businesses and the MSPs that manage their IT.

“When MSPs audit devices that a client has, the fax machine is often considered such a dinosaur that it isn’t even included. The same goes for that washing-machine-sized copier,” says Gordon Williams, a consultant in San Diego who studies legacy technology.

Aging office machines are vulnerable to modern threats

The problem, Williams points out, is that legacy technology has often been integrated into more extensive office networks. Yet, the equipment was built for a different era when cyber threats weren’t lurking everywhere.

For example, a fax machine built and sold 20 years ago and integrated into the network likely has little or no built-in protection. “It is not like a hacker can hack a fax in the traditional sense, but fax machines integrated into the business’ larger network can pose a threat,” Williams warns.


Another “sleeper cell” in the office environment is an old copier. “Nothing could seem like less of a threat than that old, clunky copy machine. But many of these legacy machines are now connected and integrated into the larger network, and remain unprotected, meaning that hackers can find their way in, and suddenly penetrate deep within a network,” Williams says.

With a growing list of IoT devices, edge sensors, vulnerable networks, and the ever-increasing attack surfaces to deal with, MSPs can be forgiven for overlooking legacy equipment. “But it’s important to remember that the old fax machine tied into the office network is just as a much of a threat as a phishing email,” Williams advises.

MSPs can mitigate legacy threats

Fortunately, there are steps MSPs can take to mitigate legacy threats. Some of the steps Williams recommends include:

  1. AUDIT: If you are interested in closing off legacy threats as an MSP, then you should do a complete audit of the client’s devices. It needs to be a “holistic audit.” Many MSPs think they are auditing everything but overlook the fax machine or the copier; you need to look at everything, even landline phones and old computers.
  2. REMOVE REDUNDANCY: Having that old copier might be convenient, but is it necessary? Once the audit is complete, you should analyze the necessity of every item on the list using the PAD method (Productivity, Accessibility, and Disruption). Does the device help office productivity? How accessible is that device to the network? Removing the legacy fax may be a good idea if it is now integrated into the network. And will removing the device cause disruption to productivity?
  3. IMPLEMENT SEGMENTATION: If a device passes the PAD test and you need to keep it, then make sure the network is segmented to keep the old fax “walled off” from the network. Configure routers to deny access from the fax’s IP address.
  4. TURN OFF AUTO-ANSWER: Unless your client is medical or law enforcement, a business where fax must get through (yes, there are still places that rely on faxes), then configure devices so that auto-answer is off; that way, each incoming fax can be manually evaluated.
  5. UPDATE FIRMWARE: Update firmware frequently on old copiers. Most legacy copiers have internal operating systems that must be updated to keep them secure.
  6. ENCRYPT: Ensure encryption is enabled and activated on old printers as jobs go from computer to device. During transmission, the data is most vulnerable to interception, and if it is not encrypted, it is pretty much free for an enterprising cybercriminal.

Old copiers, phone lines, and fax machines can also pose other threats. Copiers and fax machines, for example, can store plenty of data internally in folders and drives.

Beware of obsolescence

Williams says MSPs need to constantly be on the lookout for obsolescence.

“Obsolescence in itself is dangerous, and I advise MSPs all the time to audit once a year and make a list of devices that can be decommissioned,” Williams says.

Northwestern University’s Weinberg College’s IT department has this to say about obsolescence:

The longer a piece of software or hardware has been available to the public, the longer digital criminals have had to find their weaknesses, and the less likely you’ll be able to protect yourself against their intrusions.

So, in addition to old fax machines, copiers, and land-line phones, computers themselves can pose cyber threats, as well.

“An old clunker computer sitting in the corner of an office may be convenient for someone to jump on and check their email, but it is probably also a gaping hole in security if someone isn’t taking precautions,” Williams warns. “It should be decommissioned if it fails the PAD test.”

The past isn’t a prologue when it comes to technology, the past is peril. Update and eliminate old devices today to stave off new threats.

Photo: suksawad / Shutterstock


Share This:

Posted by Kevin Williams

Kevin Williams is a journalist based in Ohio. Williams has written for a variety of publications including the Washington Post, New York Times, USA Today, Wall Street Journal, National Geographic and others. He first wrote about the online world in its nascent stages for the now defunct “Online Access” Magazine in the mid-90s.

8 Comments

  1. Moss Jacobson April 7, 2022 at 9:27 am

    This is such a great reminder! All too often, we may find ourselves focused on the technology ‘we know’ that is outdated and no longer running a support OS. From a business strategy perspective, however, I feel that within #2 above is one of the most important questions not to be overlooked when evaluating legacy devices: “will removing the device cause disruption to productivity?”

    Reply

  2. Yeah, these hidden Landmines are lurking in pretty much every office or the shadow computer that someone runs because they needed something and bypass process and protocol.

    Reply

  3. Great article! We must not turn a blind eye to technology of the past.

    Reply

  4. Makes cool decorations though

    Reply

  5. Legacy technology and unsupported IOT devices pose a very significant threat to organisations. A controlled and audited lifecycle policy needs to be in place to take care of such issues.

    Reply

  6. Matthew Hickman April 12, 2022 at 1:04 pm

    We schedule a closet clean out of our office and purged a ton of old equipment. Now that we work from home, we’ve also scheduled quarterly/yearly clean ups for our clients so it keeps all of our closets/racks looking fresh, clean, and improved with up-to-date equipment.

    Reply

  7. Haven’t actually seen one of these in years

    Reply

  8. Fax machines really do need to go away! Most people use a fax-to-email service now which is just more delays and more problems, and just as insecure as sending a regular email anyways.

    Reply

Leave a reply

Your email address will not be published.