What are the key business VoIP Security threats you must prepare for? This of course depends on your situation and whether you implement VoIP services yourself or make use of a hosted business VoIP solution.. But in any situation, there are serious topics to be reviewed and measures to be taken. Please have a look at our top 5 Business VoIP Security threats and how to deal with them.
Companies typically invest in the expertise of a supplier or service provider for the deployment of their business VoIP solution. However, for security they often prefer to rely on their own expertise. Which is fine of course, as long as we realize that VoIP Security threats may have a very specific nature. It is a specific combination of threats which are on the one hand comparable to regular IT security threats, while on the other hand there are very specific threats for the phone system technology and applications. Make sure that your security staff does treat the Business VoIP Security challenge as a specific risk area which needs special attention.
Hosting may release you from a lot of concerns. You don’t have to worry about the technical systems required to implement a VoIP service. You don’t need to worry about scaling of your hosted VoIP solution. But does it also mean that you don’t need to think about the security?
Well, that’s not entirely the case. Although you should have selected your hosted VoIP provider also on how he implements Business VoIP Security, you still have to carefully review what is actually implemented and how that works together with your own inhouse security measures. Are there any gaps left? Do security measures on each side interact with each other in an unexpected way?
VoIP is not only used within your organization, your VoIP traffic and signaling also passes gateways to the outside world. To other remote locations, to gateways connected to the PSTN or mobile networks, or to other enterprise networks. A soon as your traffic and signaling leaves your own LAN boundaries, it is time to consider VoIP encryption. And many security experts take this even further, suggesting that organizations should also encrypt their VoIP traffic internally. For example, on their own LAN, WAN and VPN connections. Note that SIP encryption is often not enabled by default. While the impact of SIP attacks, session hijacking and call fraud may be severe. So, it is recommended to review whether your current Business VoIP Security measures include SIP signaling encryption (using TLS) or the Secure Real-Time Transport Protocol (SRTP) for the voice traffic.
One thing that specifically asks attention is the network and systems security of the Business VoIP infrastructure. Both at a physical level as well as a logical level. For example, it is important to setup a firewall and an IPS (Intrusion Prevention System). By doing this, you can monitor your VoIP traffic, track unexpected or unusual behavior and block unauthorized traffic. The VoIP servers themselves should be physically protected and the access for administrative staff should be protected as well. That OS updates must follow the supplier guidelines strictly goes without saying, while you should define sharp controls for the level of automatic software loading on telephones.
Despite all this, the person behind the telephone remains a crucial element in any Business VoIP Security plan. That starts by restricting the types of calls allowed. It may not be necessary that the telephone at the client desk of the warehouse is open for external – or even international – calls. And it may also be wise to block external calls during evening and nightly hours, specifically from phones on desks where staff is only present during day-time. It is possible to configure these setting on a per device, per user or time of day basis.
Also make sure that access to phones is restricted by using user names and password. This is not only important to prevent fraudulent call attempts from your company phones (making you responsible). It is also important to prevent your voicemails from being eavesdropped, or customer contact data from being stolen.
Often we hear that securing telephone access by a username and PIN code is impractical. People forget usernames and PIN codes and entering these credentials via a keypad isn’t easy. However, by using our ALM software they don’t need to enter their login credentials. Logging into their telephone is automatically done whenever they start their laptop.
Business VoIP Security is important. Your VoIP network faces many risks. Eavesdropping on calls can provide criminals with information you don’t want to disclose. Data from your own organization or – often even worse – from your clients or patients. Also voicemail hacking is a serious risk and toll fraud may cost you thousands of dollars in a few hours of inadvertency.
An easy measure to be taken is the protection of your desktop telephones from unauthorized use. Using ALM software is an easy step to implement this at a very low price tag.