Protect Your VoIP System from Hack Attacks

Posted on Dec 30, 2016 in Jeff Nolte's Blog

Today, hackers continue to wreak havoc on traditional phone systems, but with the popularity of VoIP phone systems, hackers have a new playground. That’s because the Internet and IP-based technologies suffer from a growing list of security vulnerabilities, offering hackers a variety of new attack vectors.

Since an IP phone system typically shares the same data network as other IT systems, a breach of the phone system can lead to a breach of other IT systems as well. The ramifications can go well beyond making huge numbers of calls at your expense.

The good news is that there are measures you can take now to ensure your phone system stays protected against the bad guys…

  • When installing new phone equipment and network devices, change the passwords from the default settings.
  • Do not use easy-to-guess passwords and avoid the use of a phone number or extension as the system password. If your password is easy to remember, then it offers little or no security. Use a random number generator to design an effective password.
  • If you have more than one administrator accessing the telephone system or any IT system, make sure they use unique access credentials.
  • Whenever IT staff members leave the organization, immediately disable their access credentials to phone systems, computers and management tools.
  • Ask your service provider about its fraud monitoring capability; specifically, if it has real-time toll-fraud mitigation in place that will stop suspicious calls. The service provider should contact you to verify if the flagged calls are legitimate. Also, ask how the service provider deals with Denial of Service attacks.
  • Routinely review itemized telephone invoices for any anomalies; if your organization does not call certain international locations, for example, set up the phone system to disallow outbound calls to these locations.
  • Make sure phone system and voice application software is kept up to date. If you subscribe to cloud voice, this should be done by the provider as part of its hosted VoIP service.
  • Consider using end-to-end encryption to protect sensitive VoIP conversations. This feature may be added to the premises IP Phone system with encryption software, or offered by a cloud voice provider as an add-on to its hosted VoIP service. In essence, end-to-end encryption provides a secure virtual private network (VPN) connection that protects the privacy of conversations.

Larger VoIP networks may need to take a more granular approach to security. The more devices and protocols used, the more extensive the threat landscape becomes.

VoIP offers several compelling benefits over traditional telephony. These advancements do not come without a cost and require greater effort, planning, and vigilance to ensure high availability and security. Fortunately, the risks can be greatly reduced with proactive measures.

Ready to improve your business with VoIP? Contact us today: (800) 787-4848 or jnolte@ctsmd.us