Since the emergence of voice communication over the Internet, security has been a growing concern. As more and more companies want to integrate their office phone systems and communication servers with other business applications and to leverage SIP Trunking and VoIP Phones for flexible and efficient communication, it is essential to address security considerations as part of every solution design.
Like any device connected to the internet, your VoIP Phone System can fall victim to cybercriminals. Cybercriminals are not just looking to steal valuable information about your company, customers, bank information, credit cards, etc. that can be used to commit fraud or extract a ransom (ransomware). The VoIP phone system itself is an attractive target for hackers, since gaining control of it enables them to make money at your expense by dumping fraudulent long-distance traffic on your system or lines. For a small business, the cost of recovering from financial fraud or misuse can be as extreme as putting it out of business.
Protecting your Business VoIP Phone System from Cyber Frauds
RingOffice takes a proactive approach to securing its infrastructure and helping clients do the same. Below are some tips that will help you protect your Business VoIP Phone System from hackers and criminal cyber fraud.
Protect VoIP Devices with a Next-Generation Firewall: A Next-Generation Firewall or NGFW is a network security appliance that goes beyond port/protocol inspection and blocking to add deep-packet, application-level inspection and intrusion prevention, and that leverages external threat intelligence sources to keep up to date with the threat landscape. Configure your firewall to block unauthorized access to your VoIP network. Use a separate VLAN for your VoIP traffic to protect it from other network traffic.
A firewall provides a barrier between your internal network and the external non-trusted network where cyber-attacks could come from. If you are unsure about your firewall or network design, talk to your network administrator or service provider about better protecting your network.
Change Default Passwords: The first thing to do when implementing a new Business Phone System is to change the default passwords to stronger passwords. Many phone systems will also help you automate the process of changing default web passwords on VoIP desk phones, cordless phones, conference phones, etc. Many of these will also ensure different passwords are used for web interface access vs. SIP authentication. A VoIP phone with a default web interface password or an easy password set in SIP credentials is an open invitation for hackers to exploit. Ensure that all the devices connected to your VoIP phone system have unique and strong passwords. Use a combination of letters, numbers, and symbols in your password to make it harder for hackers to guess.
We recommend changing admin passwords every 6-12 months following these rules:
- 8 to 12 characters in length
- Use uppercase letters, lowercase letters, symbols, and numbers
- Do not use words that are related to your personal information
- Use phrases and enter shortcut codes or acronyms
Keep your Phone System up to date: To ensure the proper functioning of your VoIP phone system, you must ensure it is maintained and kept up to date. Most systems are software-based and require continuous updates to ensure they are secure and protected from vulnerabilities that hackers might exploit online. Regularly update your VoIP software and firmware to protect against newly discovered vulnerabilities. Install security patches and updates to prevent unauthorized access to your system. If you do not manage your phone system yourself, ask your service provider about proactive maintenance, patching, and management.
Choose a VoIP Provider that is serious about Security: VoIP service providers who are serious about security proactively monitor their networks for suspicious activity. This reduces the chances that a potential security breach goes unnoticed for very long. If you only make calls from a specific location, you can block all IPs except for the static IP at your location from using your VoIP service. Many SIP Trunking, Hosted PBX, and Cloud Communication providers will also go as far as setting credit caps and service blocking on services to protect you against liability from misuse. These caps are designed to allow normal call usage but stop large unnatural spikes in traffic, thus limiting your exposure to fraudulent calls. Since clients are responsible for calls made, these features can offer you essential liability protection.
If your company never makes or receives international phone calls, you can ask your provider to disable international calling.
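The three provider-side controls described above (a source IP allowlist, disabled international calling, and a credit cap that stops traffic spikes) can be illustrated by applying them in order to call records. This is an added example, not RingOffice or provider code; the policy values, record layout and sample calls are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

# Assumed policy values for illustration; real caps come from your provider or PBX.
ALLOWED_NETS = [ip_network("203.0.113.10/32")]  # office static IP (documentation range)
ALLOW_INTERNATIONAL = False
HOURLY_SPEND_CAP = 5.00                         # currency units per account per hour
# Simplification: "+1" also covers other NANP countries that bill as international;
# a production rule would match on full destination prefixes.
HOME_PREFIX = "+1"

# Constructed call records: (start time, account, source IP, dialed number, cost)
SAMPLE_CDRS = [
    ("2024-03-02 10:05", "acct1", "203.0.113.10", "+14165550100", 0.10),
    ("2024-03-02 10:20", "acct1", "203.0.113.10", "+14165550101", 0.20),
    ("2024-03-03 02:01", "acct1", "198.51.100.7", "+14165550102", 0.10),
    ("2024-03-03 02:03", "acct1", "203.0.113.10", "+882139990000", 2.50),
    ("2024-03-03 03:00", "acct1", "203.0.113.10", "+14165550103", 3.00),
    ("2024-03-03 03:10", "acct1", "203.0.113.10", "+14165550104", 2.50),
    ("2024-03-03 03:20", "acct1", "203.0.113.10", "+14165550105", 0.10),
]

def evaluate(cdrs):
    """Return one (decision, reason) pair per record, applying the rules in order."""
    spend = defaultdict(float)  # (account, hour bucket) -> spend on allowed calls
    results = []
    for ts, acct, src, dialed, cost in cdrs:
        hour = datetime.strptime(ts, "%Y-%m-%d %H:%M").strftime("%Y-%m-%d %H")
        if not any(ip_address(src) in net for net in ALLOWED_NETS):
            results.append(("block", "source IP not allowlisted"))
        elif not ALLOW_INTERNATIONAL and not dialed.startswith(HOME_PREFIX):
            results.append(("block", "international calling disabled"))
        elif spend[(acct, hour)] + cost > HOURLY_SPEND_CAP:
            results.append(("block", "hourly spend cap reached"))
        else:
            # Only allowed calls count toward the cap, so normal usage continues
            # after a single oversized call is refused.
            spend[(acct, hour)] += cost
            results.append(("allow", "ok"))
    return results

if __name__ == "__main__":
    for record, (decision, reason) in zip(SAMPLE_CDRS, evaluate(SAMPLE_CDRS)):
        print(record[0], record[3], decision, reason)
```

Blocked records are also the ones worth alerting on: an off-hours call from an unknown IP or to a blocked destination is an early sign of compromised SIP credentials.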
Use Encryption: Encrypt your VoIP traffic to protect it from eavesdropping and interception. Use secure protocols such as Transport Layer Security (TLS) and Secure Real-time Transport Protocol (SRTP) to secure your VoIP traffic.
Educate Your Users: By educating your employees you are ensuring that your efforts to maintain the security of your VoIP phone systems are not in vain. Educate your users so they know how to use the devices and avoid being a vulnerable point to cyberattacks.
Apply policies among employees such as having strong passwords, changing their passwords at least once a year, two-factor authentication to allow access, not having voice messages in the mailbox for a long time to prevent private information contained in those messages from being stolen, and mobile security policies for employees who use VoIP system apps on their mobile devices so that they are not a vulnerable point of cyberattack.