The practice of eavesdropping on phone calls has been around for as long as the telephone itself. Call centers have always stored a treasure trove of valuable data — a tempting target for attackers looking to steal everything from trade secrets to payment information.
These risks persist even in the age of internet-based telephony, regardless of whether your VoIP system is hosted in-house or in the cloud. Common VoIP risks include toll fraud, network eavesdropping, and voicemail hacks, to name a few. IP phones and other devices can also be entry points into your wider business network.
To secure your business’s VoIP phone system from these and other threats, consider the following tips:
1. Allow access only through the company VPN
One of the biggest risks associated with VoIP phone systems is wireless eavesdropping. Attackers often target unsecured wireless networks to listen in on traffic being sent between an endpoint and the local router, and the risk can extend to your VoIP systems too. While any decent business-grade VoIP system should offer end-to-end encryption, it’s always wise to add an extra level of security by having your employees connect to the corporate VPN before they can access their VoIP user accounts. This is especially important in the age of remote work.
2. Lock down old or unused user accounts
Many cyberattacks exploit inadequately monitored user accounts belonging to employees who have left the company. Often, these accounts are left open and end up being forgotten about, thus greatly increasing your susceptibility to both inside and outside threats. This is largely the case for businesses that let employees use their own devices for work. Managers should always be mindful of revoking access rights to compromised or unused accounts and devices. You should also have a way to immediately revoke access tokens from devices that are reported lost or stolen.
3. Use multifactor authentication
Any system that might potentially store or transmit sensitive information, such as a company’s VoIP platform, needs to be protected with multiple layers of security. Relying on passwords is not enough, since these are notoriously vulnerable to social engineering scams. Employees should always have to verify their identities when logging in to their user accounts, particularly if they’re connecting from an unknown location, network, or device. Multifactor authentication methods include one-time security tokens provided by SMS, email, or a USB security key, or biometrics like fingerprints or facial recognition.
4. Train employees to recognize phishing scams
The vast majority of successful cyberattacks contain a social engineering element. Phishing emails tend to get the most attention, simply because they’re the most prolific, but scammers can use any medium, including voice.
Voice phishing, or “vishing” is a technique in which an unsuspecting victim is duped into giving away sensitive information over the phone. Employees should be properly trained in how to recognize these threats. After all, no legitimate party should ever ask for sensitive information, such as login details, over the phone. You should also ensure all calls are recorded, so you have a complete audit trail to examine if a threat does get through.
5. Keep your firmware up to date
Every computing device contains firmware. Like any other kind of software, this firmware can be exploited. However, whenever vulnerabilities are reported, a dependable manufacturer will be quick to patch it with a firmware update. You should always keep your devices up to date, including your routers, wireless range extenders, IP phones, and any other devices connected to your network.
It also helps to maintain a complete inventory of every device used for work, including those owned by your employees. If you have a bring your own device policy, it should also include rules and standards your employees should follow when it comes to keeping their devices up to date.
Kortek Solutions is ready to help you take your communications to the next level with secure and scalable VoIP solutions. Get in touch today to find out more.