Has your cloud-based VoIP phone system proven its worth with this year’s big shift towards remote working? Or have you recently switched to VoIP in preparation for the up-coming ISDN switch off?

It’s great to see businesses using new (-ish, VoIP has been well tried and tested) technology to improve agility and prepare for the future, but it is important to remember that, as with any other part of your IT infrastructure, your VoIP telephone system can be targeted by cyber criminals.

The good news is that we monitor cyber attacks in real time, and our recent reports don’t suggest any particular increase in activity targeting VoIP applications. However, we do know that where there’s a popular application, cyber criminals tend to appear, and whether you’re a recent adopter of VoIP or have been using it to make calls for years, you should take note of these tips for adding protection to your VoIP phone system.

Can people listen in to my calls if I don’t secure my VoIP system?

Although your immediate thought when it comes to “phone hacking” may be of someone listening in on your calls, the types of attack most likely to target VoIP probably won’t tap into live telephone calls. Instead, attacks on VoIP applications may look like:

• Denial-of-service attacks: A large number of calls can be used to target your phone system, blocking legitimate calls from reaching you. And while that’s bad enough, IT teams know that when a denial-of-service attack is taking place you need to keep an eye out elsewhere, because they’re often used as a distraction so that other, more serious attacks on your network go unnoticed.
• Premium number scams: Criminals register a premium rate phone number then access your phone system by exploiting unpatched firmware or weak passwords. They call that premium number from your system, racking up huge charges.
• Call redirection: By gaining access to your telephone system, scammers re-route calls from customers and are able to extract personal and financial information from them.
• Ransom attacks: Similar to ransomware attacks that steal or prevent access to a company’s data on their network, voicemails or call recordings containing confidential and/or commercially important information can be held to ransom if they’re accessed by the wrong people.

How do we secure VoIP to stop these attacks from happening?

These kinds of attack are rare, and with some simple steps – most of which you’re probably already applying to other applications – you can protect against the threats outlined above and benefit from the improved call quality, great range of features and cost savings that come with VoIP.

Choose a trusted provider

Your VoIP provider should show commitment to information security; look out for ISO 27001 accreditation to help demonstrate this.

Find out how responsive their support team is, if you have concerns or the worst happens and you experience an attack, how quickly will they be able to react?

Patching

Just like computer operating systems and apps, your VoIP system may need the occasional update to fix bugs that could be exploited.

Make sure to find out if your provider will take care of this, and whether this work will be scheduled at a time that suits your business (sometimes a problem with companies based overseas). Cloud based phone systems are ideal here because updates can be made without any need for a site visit.

 Strong passwords and Multi Factor Authentication

VoIP user accounts should have strong passwords that have not been used elsewhere; don’t leave them set to default! If possible, set up multi-factor authentication (MFA) to add an extra layer of protection, particularly for admin accounts.

Have a separate internet connection for your VoIP

Using a completely separate broadband connection for your VoIP  guarantees the best possible call quality. and it also means that if you do suffer an attack, damage can be limited as you stop attackers from then gaining access to data stored on your business network.

Bar premium rate numbers/international calls

Another damage limitation strategy is to bar premium rate and international calling to avoid racking up a lot of unwanted bills if your system is compromised. Speak to your provider to set this up.