How Secure is Your IP Phone System?

With the growing popularity of Voice-over-IP, phone hacking continues to evolve, costing businesses billions of dollars annually in lost productivity and higher phone bills. That’s because Internet technologies, including premises and cloud voice systems, suffer from a growing list of Internet-related security vulnerabilities, offering hackers a variety of new attack vectors.

Since an IP Phone system typically shares the same data network as other IT systems, a breach of the phone system can lead to a breach of other IT systems as well. There are many variations of the attacks that can be launched against VoIP phone systems to inflict damage on businesses.

Preventive Measures

The way to foil attacks is to take preventive measures to ensure your phone system stays protected against the bad guys…

  • When installing new phone equipment and network devices, change the passwords from the default settings.
  • Do not use easy-to-guess passwords and avoid the use of a phone number or extension as the system password. If your password is easy to remember, then it offers little or no security. Use a random number generator to design an effective password.
  • If you have more than one administrator accessing the telephone system or any IT system, make sure they use unique access credentials.
  • Whenever IT staff members leave the organization, immediately disable their access credentials to phone systems, computers and management tools.
  • Ask your service provider about its fraud monitoring capability; specifically, if it has real-time toll-fraud mitigation in place that will stop suspicious calls. The service provider should contact you to verify if the flagged calls are legitimate. Also, ask how the service provider deals with Denial of Service attacks.
  • Routinely review itemized telephone invoices for any anomalies; if your organization does not call certain international locations, for example, set up the phone system to disallow outbound calls to these locations.
  • Make sure phone system and voice application software is kept up to date. If you subscribe to cloud voice, this should be done by the provider as part of its hosted VoIP service.
  • Consider using end-to-end encryption to protect sensitive VoIP conversations. This feature may be added to the premises IP Phone system with encryption software, or offered by a cloud voice provider as an add-on to its hosted VoIP service. In essence, end-to-end encryption provides a secure virtual private network (VPN) connection that protects the privacy of conversations.

Larger VoIP networks may need to take a more granular approach to security because the more devices and protocols used, the more expansive the threat landscape becomes.

The Big Picture

VoIP offers compelling benefits over traditional PBX systems. These advancements do not come without a cost and require greater effort, planning, and vigilance to reduce security risks. Fortunately, businesses can greatly reduce the risks by taking a few basic steps to keep the bad guys at bay.

Contact DataLink today to discuss your VoIP implementation options and security needs: 410.729.0440 or sales@DataLinkTech.com.