Hosted VoIP and Security – Your Concerns Answered

One area of concern to companies contemplating the move to hosted VoIP is security. Now this is something most of us didn’t associate with our phones – whether at home or at work. But with VoIP, security is definitely something you should think about. Media articles abound on security breaches, toll fraud incidents and vulnerabilities in VoIP systems.

However not all providers take security seriously. Some vendors simply make promises while failing to fulfill them. Others will just ignore your concerns and not consider it an issue at all. Before choosing a hosted VoIP vendor, make sure to ask them questions about security, vulnerabilities, monitoring tools and policies etc. Some areas you should check include:

Encryption

The media likes to portray encryption as some sort of silver bullet for security issues. Read any article on data breaches or theft and you’re likely to some across a sentence asking why the data wasn’t encrypted. This reliance on encryption is harmful for a couple of reasons. One is that companies are lulled into a false sense of security. They tend to think they’re safe because their data is encrypted. But there are many ways for attackers to compromise your system.Second is that encryption cannot protect against all the risks. It simply makes your data useless to anyone who steals it. Hackers can still commit toll fraud on your network or bring down your servers and cause havoc. Imagine spending a few days without your phones!

Encryption is not a magical solution that closes all vulnerabilities. It is simply the first step in securing your network and data against intruders. It is also is difficult to add later, you cannot just turn it on and off when you like. So find out from the vendor if they encrypt data on their network, how it is implemented, who can decrypt it and so on. Once you sign the contract, it’s too late!

Authentication Controls

Suppose your data is encrypted at all points – at rest and during transit across various networks. You think your voice data is safe but the thing is, unauthorised users can still steal it. Imagine if one of your devices or user accounts still had the default password. Attackers can simply log into your network and place fraudulent calls worth thousands of dollars which you’re on the  hook for. There is no encryption method that can protect your data once the intruder is inside the system or while posing as a legitimate user.

What can you do about it? Make sure all your employees understand passwords and authentication controls. No device on the network should still have the default password it was shipped with. Users should also change their passwords regularly and not share it with friends, family or even colleagues. These are basic steps you should take to protect your phones.

Security Updates and Patches

No device or software is guaranteed to be bug free at launch or even afterwards. One common way for hackers to get into your voice network is through vulnerabilities or loopholes in outdated equipment or applications. Older versions of device drivers or apps often have bugs that can be exploited. Manufacturers generally release bug fixes and security updates to close them.

This is yet another step you can take for your protection. Make sure all the devices on your network are updated with the latest patches regularly. It applies to everything, not just VoIP specific hardware. For example, malware or viruses on your computers can be used to compromise the VoIP phones or steal account credentials. Keyloggers installed via insecure USB drives can steal passwords when employees use softphones. Any device – whether server equipment or personal mobile phones – can be the source of an attack on your network.

Regular and Constant Monitoring

Real time monitoring is an important aspect of hosted VoIP security. Many companies don’t know they’ve been breached or attacked until it is too late to do anything. Monitoring is one way to counter that. Ask your vendor about tools and applications they offer for monitoring your network. There may even be software available from other vendors that you can buy.

With effective monitoring and reporting tools, you can detect an intrusion as soon as it occurs. It’s useful for both security and to ensure the network is performing as it should.

One of the positive aspects of using hosted VoIP is that you’re entrusting the security of your phone to someone with proven expertise in that area. Most small and medium businesses lack the resources to hire IT security experts. Instead of starting from scratch and hiring in house security experts, you can just rely on the vendor for securing the phones. But remember that you have a role to play in protecting your communication network as well.