Protecting your VoIP System from HacksPosted on: 2017-12-26 | Categories: VoIP Services
VoIP is a wonderful technology and most businesses will agree that it has been enormously beneficial from a productivity and efficiency standpoint. VoIP can help organizations to reduce costs, implement new features and integrate the phone system with other enterprise tools. VoIP, you no longer need separate networks for voice and data. Everything goes through the same network, reducing maintenance costs and saving time.
Unfortunately criminals and hackers also love VoIP. The widespread adoption of VoIP has been a gold mine for hackers. Eavesdropping on VoIP calls can unearth a treasure trove of confidential corporate data. Toll fraud often goes undetected until it is too late and apprehending criminals who live on the other side of the world is practically impossible. Some criminals don’t even care about your phones, it’s simply an entry point to your corporate network.
Security Is Crucial but No One Think about It
The majority of businesses that upgrade to VoIP don’t spare a thought for security. Since it was not such a widespread issue with analog phones, most people assume that VoIP phones are not any different. VoIP phones are fundamentally different from their analog counterparts, even if they look and work the same. Your IP enabled phones use the Internet to send data like messages and voice calls. It leaves your phones vulnerable to the same security risks that plague network devices like laptops.
Every additional device you connect to the Internet is another entry point of attack. Once upon a time, you only needed to secure computers, laptops and mobile devices. Now you have to worry about your desk phones, IP enabled conference speakers and any other Internet connected device. That forgotten old IP phone that no one uses anymore has security holes big enough for a hacker to waltz through. Softphones that connect to unsecured, public Wifi spots can compromise account credentials. The possibilities are endless and criminals are not above exploiting them.
Do You Know If Your Phones Are under Attack?
The unfortunate part of VoIP attacks is that few organizations even know that it is happening to them. Your employees know the telltale signs of phishing attacks and the dangers of clicking on suspicious links or attachments. But do you know how to recognize the signs of a VoIP attack?
Call history and call logs are a valuable source, so go through them regularly. Do you recognize all the numbers on that list? Some companies use geofencing i.e calls to certain regions are allowed or blocked as the case may be. Toll fraud is a vicious crime that can leave you on the hook for thousands of dollars.
Most IP phones have microphones and cameras to support conference and video calls. If you find that these devices are automatically recording conversations or turning on and off by themselves, that’s a huge warning sign right there. Hackers can use them to spy on confidential conversations or gain access to usernames and passwords.
Protecting Your VoIP System
Protecting your IP phones is no different than the steps you take for your other devices. You just need to expand the scope and coverage of your existing security programs. If you use hosted services from an external provider, you need to examine and investigate it. What measures do they take to protect their infrastructure and yours? If you’re not satisfied, it’s time to change.
Change the passwords on all devices and frequently. This includes network equipment like routers, modems, SBCs, desk phones and any hardware that has an admin portal or connects to the Internet. It is unfortunate but many attacks could have been prevented if only the device didn’t have the default password it shipped with. Make sure that employees use strong passwords and not common ones like ‘password’ or ‘123!’
Use available technical tools like encryption and virtual private networks. Hackers can easily intercept VoIP calls, so encryption can protect your data even if it falls into the wrong hands. A VPN will establish a secure tunnel over the public Internet and allows off site users to access the network without sacrificing security.
Be sure to test your network periodically. Some organizations prefer to do with themselves while others hire external providers for assessments. Security tests will let you know if everything is working as it should be and uncover holes that need to be patched. Tools like firewalls work effectively only if you take the time to configure them. With security, it’s not a matter of buying something and turning it on. You have to be proactive with your defenses and put multiple layers together to withstand attacks.
Over the last few years, security breaches and network attacks have made headlines. Businesses should start with the assumption that they will be attacked at some point of time. The best thing you can do is to be prepared and monitor your networks so you get sufficient warning to take care of the problem.