VoIP: The latest security threat for businesses

More businesses than ever are jumping on the Voice over IP (VoIP) bandwagon today. Aside from significant cost savings when compared to traditional phone services, VoIP also offers many value-added features such as voicemail-to-email transcription, barge and whisper service, call screening, conferencing, music on hold, call routing, portability, and increased flexibility and mobility for employees who are always on the move or required to travel. Although VoIP's advantages have plenty to offer the business world, companies also need to secure voice technology. In this article I am going to discuss VoIP security and ways you can protect your business.

Studies show that over 75 percent of US businesses are using IP-based VoIP telephone systems as their primary telephone system. As the many advantages of hosted VoIP become increasingly evident to businesses, I think it's important to clear up a basic misconception when it comes to security. By this, I mean that connecting to your VoIP system through an insecure Wi-Fi network does not automatically make your VoIP system vulnerable to hackers.

Additional passwords are required to get into the VoIP system, and the conversations themselves are encrypted. Undoubtedly, having your phone accessible across multiple platforms makes it vulnerable to hackers generally, but the security concerns relate to data network and hardware security, not to VoIP itself.

When it comes to securing VoIP, businesses need to go above and beyond basic compliance and become proactive in securing VoIP technology from hackers. Since VoIP packets flow over the network (just like data packets do), sensitive corporate information could be intercepted. Some of the same threats that affect data networks can also affect VoIP.

Other threats that can affect VoIP systems are:

  • Conversation eavesdropping/sniffing
  • Default passwords
  • Hacked voicemail
  • Identity spoofing
  • Man-in-the-middle exploits
  • Denial of Service (DoS) attacks
  • Toll fraud
  • Web-based management console hacks

VoIP security is a challenge for many companies, but the bottom line is: VoIP security should operate on the same rung as network data security, because both forms of data contain valuable information. Remember this: The bad guys never sleep; they are always looking for new and innovative ways to hack into business VoIP systems.

Security practices for every company should include:

  • Separating data traffic from voice traffic by creating two VLANs.
  • Protecting the remote admin interface with a complex password and non-standard port.
  • Encrypting sensitive voice traffic:
  • Using Secure Session Internet Protocol (SIPS) for protection from eavesdropping and tampering.
  • Applying physical and logical protection: The VoIP server should be behind a SIP-aware firewall and intrusion prevention system (IPS).
  • Creating user names that are different from their extensions.
  • Keeping VoIP systems always up-to-date and patched.
  • Limiting calling by device.
  • Using encryption to secure calls.
  • Setting strong security policies.
  • Utilizing traffic analysis and deep packet inspection (DPI).
  • Properly securing VoIP gateways.
  • Using a strong 6-digit voicemail passcode or device certificate.
  • Deleting sensitive voicemail messages.
  • Removing mailboxes when employees leave the company.
  • Limiting invalid login attempts.
  • Restricting the types of calls allowed on the network and implementing time-of-day policies.
  • Disabling international calls by default.
  • Security awareness training for employees.
  • Requesting that all employees report odd occurrences.

 

Of course, some of these practices may not be feasible for every company. With that in mind, here are three tips for maintaining VoIP system security:

Restrict password permissions. Business-grade VoIP apps have an extra layer of security that has to be activated in order for a user to become connected. When launched on a computer, a VoIP unified communications (UC) app will require users to register with their unique user name/password every time. Companies can restrict the "remember me" options and require users to sign in every single time. That means that even if the VoIP app is attacked on the computer, there will always be another password that would need to be hacked as well in order for someone to get into the system.

Use the available safeguards. It should be said that even if hackers managed to get the password and hack into one phone, it would not affect the entire network; it would only affect one user. Fortunately, most business-grade services have "fraud detection" monitoring that can determine whether an unusual number of minutes is being racked up and will flag it. Watch user trends and stay on top of alerts or changes in tracked usage.
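As an added illustration (not code from any VoIP provider or from the original article), the sketch below shows the kind of check that fraud detection monitoring performs on call records, combined with the "disable international calls by default" and time-of-day practices listed earlier. The record layout, the policy constants and the thresholds are all assumptions, and the call records are constructed sample data.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed call detail records: (extension, call start, dialed number, minutes).
CDRS = [
    ("101", "2015-04-21 10:02", "+12125550101", 9),
    ("101", "2015-04-22 14:30", "+12125550102", 15),
    ("101", "2015-04-23 11:45", "+12125550103", 11),
    ("102", "2015-04-20 09:00", "+12125550104", 20),
    ("102", "2015-04-21 09:10", "+12125550105", 25),
    ("102", "2015-04-22 09:05", "+12125550106", 22),
    ("102", "2015-04-23 02:13", "+99955500107", 190),  # overnight, international
    ("102", "2015-04-23 03:40", "+99955500108", 240),
    ("104", "2015-04-23 15:00", "+442079460109", 30),  # approved international user
]
BUSINESS_HOURS = range(8, 18)  # assumed time-of-day policy: 08:00-17:59
INTL_ALLOWED = {"104"}         # assumed: international calling is off by default
HOME_PREFIX = "+1"             # assumed home country code

def policy_violations(cdrs):
    """Return (extension, start, reason) for calls that break the calling policy."""
    hits = []
    for ext, start, number, _ in cdrs:
        hour = datetime.strptime(start, "%Y-%m-%d %H:%M").hour
        if not number.startswith(HOME_PREFIX) and ext not in INTL_ALLOWED:
            hits.append((ext, start, "international"))
        if hour not in BUSINESS_HOURS:
            hits.append((ext, start, "after-hours"))
    return hits

def usage_anomalies(cdrs, day, sigmas=3.0, floor=30):
    """Flag extensions whose minutes on `day` exceed their own prior-day baseline."""
    daily = defaultdict(lambda: defaultdict(int))
    for ext, start, _, minutes in cdrs:
        daily[ext][start[:10]] += minutes
    flagged = {}
    for ext, days in daily.items():
        history = [m for d, m in days.items() if d < day]
        if len(history) < 2 or day not in days:
            continue  # not enough history to judge this extension
        limit = max(mean(history) + sigmas * pstdev(history), floor)
        if days[day] > limit:
            flagged[ext] = (days[day], round(limit, 1))
    return flagged

if __name__ == "__main__":
    print(policy_violations(CDRS), usage_anomalies(CDRS, "2015-04-23"))
```

Each extension is compared against its own history, so a heavy but consistent caller is not flagged while a sudden jump on a normally quiet line is.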

Lastly, exercise common sense when working remotely. Common sense is one of the main security measures you can employ. It's simply about being aware of your surroundings and of where you keep your passwords stored.

Calling it a VoIP security issue when someone has your passwords is like calling it a bank security issue when someone takes your money after finding your card and PIN together: it's not.

No network is perfectly secure. But having a clearer understanding of VoIP and its security measures together with basic practices that every company should implement will help ensure better overall security for all users. It will also help businesses looking at their phone options to consider the real risks and benefits of VoIP in achieving success.

On April 28, 2015, posted in: Blog, Security by
