Cyber Attacks and VoIP
Voice over Internet Protocol (VoIP) is a way to take audio signals and transmit them in digital format via the internet; turning an internet connection into a way to make essentially free worldwide calls. With VoIP becoming increasingly more attractive to businesses of all sizes, because of it’s cost effectiveness and scalability, it becomes imperative that business owners understand the security risks, and more importantly, how to combat them. Security risks are mostly taken care of by the VoIP host, where a dedicated team of security experts will work to keep your network safe and secure. However, there is still a number of risks that you should be aware of, and some relatively easy ways to combat them and keep your system as secure as possible.
To best protect your VoIP phone system, you will need to ensure that the computers and other hardware are all secure. One of the most effective ways to do this is to set up an SIP firewall. SIP (Session Initiation Protocol) regulates packets of voice data as it passes between two endpoints on a network – a SIP-based firewall monitors and regulates these voice packets and filters out any traffic that looks suspicious. This is a particularly important area today, when according to Cisco, toll fraud is “prized by a global armada of phone pirates, who are unrelenting in their attacks.” Chris Kruger of Cisco discussed a case depicting the dangers of toll fraud and disregarding security as a top priority:
“Unfortunately, a business decided they needed voice security after the fact… During a few hours one morning, a rogue user had easily accessed the call control in the SIP gateway and generated several thousands of dollars in calls to Eastern Europe.”
So you can see the inherent dangers in failing to take security seriously. Luckily, with top VoIP providers, there will often be security measures in place that will combat threats that a firewall would combat. For example, RingCentral provides top-class network protections that are optimized for handling voice and data. It also provides a continuous monitoring program from their team of security experts, in order to flag potential disruptions, data breaches, and fraud.
Restricting Access and Securing Passwords
Avoxi lists the restriction of unnecessary access to your network as one of the most important ways to keep your VoIP network secure. Allowing open access to all users on your system leaves your system incredibly vulnerable, especially if passwords are not secure, so business owners may need to think long and hard about who they allow to have access to certain privileges when setting up their VoIP.
RingCentral recommends that vendors should implement (at the very least) a stringent set of “strong password policies” as well as SSO (single sign-on) to alleviate log-in fatigue. SSO is a session- and user-authentication service that allows users to use one set of login credentials to gain access to multiple applications without further prompting for authentication.
However, RingCentral is more than aware of the security challenges that are presented by SSO. If a user’s primary password is discovered or changed by hackers, they could have access to multiple resources and applications. Hence the need for a strong password policy. Passwords are incredibly easy to secure with minimal effort; industry standards suggest an 8–16 letter combination of symbols, numbers, and upper- and lowercase letters. In addition to this, passwords should be changed/updated every 2–3 months to further reduce the risk of a security breach.
In order to aid this, many VoIP hosts will provide some form of authentication guidelines or policy. For example, RingCentral provides Duo Access Gateway prompts for two-factor authentication before access will be granted to the VoIP service. It also allows admins to control and enforce a unique policy for each individual SSO application, checking the user, device, and network before allowing access to the application.
Monitoring Network Activity
Just as consumers monitor their accounts for strange activity, so should businesses with regards to network activity and billing. While the measures already mentioned like restricting access and using firewalls will dramatically reduce your risk of a security breach, regular monitoring can provide another safety net if other measures fail. Call logs should also be frequently audited and monitored, as many hackers will attempt to use a VoIP to make international and often costly calls. Avoxi recommends that you schedule specific periods of time to analyze call records on a regular basis – thus giving you comprehensive insight into your own business, while maintaining a security standard at the same time.
Ensuring your VoIP provider has sufficient remote monitoring technology is a major part of this strategy. Remote monitoring can help to identify problems before damage becomes irreversible, or at times before anything can be done at all.
You should ensure that your service provider will provide protections built into the service layer, and offers counsel on how to best avoid human error leading to toll fraud. The RingCentral platform provides security settings that can help to detect toll fraud and service abuse, as well as a dedicated staff for monitoring use and service.
A hosted VoIP can provide so many benefits to a business, such as cutting call costs and offering a modern and competitive system. However, there are inherent security risks. In order to avoid unnecessary breaches to the system, it is key to eliminate all possibility of human error, by restricting access, ensuring there is a stringent password policy, and monitoring activity on the system. By working in collaboration with your VoIP host, you have the best chance of fostering a secure and safe network from which to operate your business.
Sponsored Series By RingCentral
By Josh Hamilton
Josh Hamilton is an aspiring journalist and writer who has written for a number of publications involving Cloud computing, Fintech and Legaltech. Josh has a Bachelor’s Degree in Political Law from Queen’s University in Belfast. Studies included, Politics of Sustainable Development, European Law, Modern Political Theory and Law of Ethics.