Since the emergence of voice communication over the internet, security has been a growing concern. As more and more companies want to integrate their office phone systems and communication servers with other business applications and to leverage SIP Trunking and VoIP for flexible and efficient communication, it is essential to address security considerations as part of every solution design.
Like any device connected to the internet, your VoIP Phone System can fall victim to cybercriminals. Cybercriminals are not just looking to steal valuable information about your company, customers, bank information, credit cards, etc., that can be used to commit fraud or extract a ransom (ransomware). VoIP itself is an attractive target for hackers since gaining control of a phone system enables them to make money at your expense by dumping fraudulent long-distance traffic on your system or lines. For a small business, the cost of recovering from financial fraud or misuse can be as extreme as putting it out of business.
RingOffice takes a proactive approach to securing their infrastructure and helping clients do the same. Below are some tips that will help you protect your Business Phone System from hackers and criminal cyber fraud.
- Protect VoIP Devices with a Next-Generation Firewall: A Next-Generation Firewall or NGFW is a network security appliance that goes beyond port/protocol inspection and blocking to add deep-packet, application-level inspection and intrusion prevention, and leverages external threat intelligence sources to keep up to date with the threat landscape. A firewall provides a barrier between your internal network and the external non-trusted network where cyber-attacks could come from. If you are unsure about your firewall or network design, talk to your network administrator or service provider about better protecting your network.
- Change Default Passwords: The first thing to do when implementing a new Business Phone System is to change the default passwords to stronger passwords. Many phone systems will also help you automate the process of changing default web passwords on VoIP desk phones, cordless phones, conference phones, etc. Many of these will also ensure different passwords are used for web interface access vs. SIP authentication. A VoIP phone with a default web interface password or an easy password set in SIP credentials is an open invitation for hackers to exploit.
We recommend changing admin passwords every 6-12 months following these rules:
– 8 to 12 characters in length
– Use uppercase letters, lowercase letters, symbols and numbers
– Do not use words that are related to your personal information
– Use phrases and enter shortcut codes or acronyms
- Keep your Phone System up to date: To ensure the proper functioning of your phone system, you must ensure it is maintained and kept up to date. Most systems are software-based and require continuous updates to ensure they are secure and protected from vulnerabilities that hackers might exploit online. If you do not manage your phone system yourself, ask your service provider about proactive maintenance, patching, and management.
- Choose a VoIP Provider that is serious about Security: VoIP service providers who are serious about security proactively monitor their networks for suspicious activity. This reduces the chances that a potential security breach goes unnoticed for very long.
If you only make calls from a specific location, you can block all IPs except for the static IP at your location from using your VoIP service.
Many SIP Trunking, Hosted PBX and Cloud Communication providers will also go as far as setting credit caps and service blocking on services to protect you against liability from misuse. These caps are designed to allow normal call usage but stop large unnatural spikes in traffic, thus limiting your exposure to fraudulent calls. Since clients are responsible for calls made, these features can offer you essential liability protection.
If your company never makes or receives international phone calls, you can ask your provider to disable international calling.
- Educate Your Users: By educating your employees you are ensuring that your efforts to maintain the security of your VoIP systems are not in vain. Educate your users so they know how to use the devices and avoid becoming a vulnerable point for cyberattacks.
Apply policies among employees such as requiring strong passwords, changing passwords at least once a year, using two-factor authentication to allow access, not leaving voice messages in the mailbox for a long time (to prevent private information contained in those messages from being stolen), and mobile security policies for employees who use VoIP system apps on their mobile devices, so that they are not a vulnerable point for cyberattacks.
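To show how the provider-side controls from the tips above (static-IP restriction, disabling international calling, and credit caps) combine on a single account, here is a small added example. It is not RingOffice's or any provider's code. The policy values, the account name and the call records are constructed for illustration, and treating every non-"+1" number as international is a simplifying assumption.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed policy values for illustration; a real provider sets its own.
ALLOWED_SOURCES = [ip_network("203.0.113.10/32")]  # office static IP (documentation range)
DAILY_CAP = 25.00            # spend allowed per account per day
ALLOW_INTERNATIONAL = False  # the company never calls abroad
HOME_PREFIX = "+1"           # assumed home country code (simplification)

# Constructed call attempts: (account, day, source IP, dialed number, cost)
SAMPLE_CALLS = [
    ("acme", "2024-05-01", "203.0.113.10", "+14165550100", 0.40),
    ("acme", "2024-05-01", "198.51.100.7", "+14165550101", 0.40),   # unknown source
    ("acme", "2024-05-01", "203.0.113.10", "+882345550102", 9.00),  # international
    ("acme", "2024-05-01", "203.0.113.10", "+14165550103", 20.00),
    ("acme", "2024-05-01", "203.0.113.10", "+14165550104", 6.00),   # would exceed cap
    ("acme", "2024-05-02", "203.0.113.10", "+14165550105", 6.00),   # new day, cap resets
]

def evaluate(calls):
    """Return one (decision, reason) per call, applying the three controls in order."""
    spent = defaultdict(float)  # running spend per (account, day)
    results = []
    for account, day, src, dialed, cost in calls:
        if not any(ip_address(src) in net for net in ALLOWED_SOURCES):
            results.append(("block", "source IP not allowlisted"))
        elif not ALLOW_INTERNATIONAL and not dialed.startswith(HOME_PREFIX):
            results.append(("block", "international calling disabled"))
        elif spent[(account, day)] + cost > DAILY_CAP:
            results.append(("block", "daily credit cap reached"))
        else:
            # Only calls that go through count toward the cap.
            spent[(account, day)] += cost
            results.append(("allow", ""))
    return results

if __name__ == "__main__":
    for call, (decision, reason) in zip(SAMPLE_CALLS, evaluate(SAMPLE_CALLS)):
        print(call[1], call[2], call[3], decision, reason)
```

Normal calls from the office pass untouched, while a stolen SIP credential used from another address, a call abroad, or a sudden run of expensive calls is stopped before it adds to the bill.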
Feel free to contact us if you have questions about how to keep your VoIP Phone Systems safe against cyber attacks or if you would like to talk about a business communication solution.