How To Protect Your VoIP From Cyber Attacks

Cyber Attacks and VoIP

Voice over Internet Protocol (VoIP) is a way to take audio signals and transmit them in digital format via the internet, turning an internet connection into a way to make essentially free worldwide calls. With VoIP becoming increasingly attractive to businesses of all sizes because of its cost effectiveness and scalability, it is imperative that business owners understand the security risks and, more importantly, how to combat them. Security risks are mostly taken care of by the VoIP host, where a dedicated team of security experts will work to keep your network safe and secure. However, there are still a number of risks that you should be aware of, and some relatively easy ways to combat them and keep your system as secure as possible.

Firewalls

To best protect your VoIP phone system, you will need to ensure that the computers and other hardware are all secure. One of the most effective ways to do this is to set up a SIP firewall. SIP (Session Initiation Protocol) regulates packets of voice data as they pass between two endpoints on a network – a SIP-based firewall monitors and regulates these voice packets and filters out any traffic that looks suspicious. This is a particularly important area today, when according to Cisco, toll fraud is “prized by a global armada of phone pirates, who are unrelenting in their attacks.” Chris Kruger of Cisco discussed a case depicting the dangers of toll fraud and of failing to treat security as a top priority:

“Unfortunately, a business decided they needed voice security after the fact… During a few hours one morning, a rogue user had easily accessed the call control in the SIP gateway and generated several thousands of dollars in calls to Eastern Europe.”

So you can see the inherent dangers in failing to take security seriously. Luckily, top VoIP providers will often have security measures in place that address the same threats a firewall would. For example, RingCentral provides top-class network protections that are optimized for handling voice and data. It also provides a continuous monitoring program from its team of security experts, in order to flag potential disruptions, data breaches, and fraud.

Restricting Access and Securing Passwords

Avoxi lists the restriction of unnecessary access to your network as one of the most important ways to keep your VoIP network secure. Allowing open access to all users on your system leaves your system incredibly vulnerable, especially if passwords are not secure, so business owners may need to think long and hard about who they allow to have access to certain privileges when setting up their VoIP.

RingCentral recommends that vendors should implement (at the very least) a stringent set of “strong password policies” as well as SSO (single sign-on) to alleviate log-in fatigue. SSO is a session- and user-authentication service that allows users to use one set of login credentials to gain access to multiple applications without further prompting for authentication.

However, RingCentral is more than aware of the security challenges that are presented by SSO. If a user’s primary password is discovered or changed by hackers, they could have access to multiple resources and applications. Hence the need for a strong password policy. Passwords are incredibly easy to secure with minimal effort; industry standards suggest an 8–16 letter combination of symbols, numbers, and upper- and lowercase letters. In addition to this, passwords should be changed/updated every 2–3 months to further reduce the risk of a security breach.

In order to aid this, many VoIP hosts will provide some form of authentication guidelines or policy. For example, RingCentral provides Duo Access Gateway prompts for two-factor authentication before access will be granted to the VoIP service. It also allows admins to control and enforce a unique policy for each individual SSO application, checking the user, device, and network before allowing access to the application.

Monitoring Network Activity

Just as consumers monitor their accounts for strange activity, so should businesses with regard to network activity and billing. While the measures already mentioned, like restricting access and using firewalls, will dramatically reduce your risk of a security breach, regular monitoring can provide another safety net if other measures fail. Call logs should also be frequently audited and monitored, as many hackers will attempt to use a VoIP system to make international and often costly calls. Avoxi recommends that you schedule specific periods of time to analyze call records on a regular basis, giving you comprehensive insight into your own business while maintaining a security standard at the same time.
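As an added illustration (not from the original article or from any provider's tooling), a scheduled call-record audit of the kind described above could look like the following. The CSV column names, home country code, thresholds, and sample records are all constructed assumptions.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample call detail records (CDRs); the column names and
# values are assumptions, not any provider's export format.
SAMPLE_CDR = """start,extension,dialed,seconds
2024-03-04 09:12:00,101,+14155550100,240
2024-03-04 10:05:00,102,+442079460000,600
2024-03-05 02:01:00,107,+37060000001,1500
2024-03-05 02:09:00,107,+37060000002,1700
2024-03-05 02:15:00,107,+37060000003,1600
2024-03-05 02:31:00,107,+37060000004,1800
2024-03-05 11:40:00,103,+14155550111,90
"""

HOME_PREFIX = "+1"             # assumed home country code
WINDOW = timedelta(hours=1)    # sliding window for burst detection
MAX_INTL_CALLS = 3             # assumed per-extension limit within WINDOW
BUSINESS_HOURS = range(8, 18)  # assumed working hours, 08:00 to 17:59


def audit(cdr_text):
    """Return findings as (extension, reason, call start time) tuples."""
    findings = []
    recent = defaultdict(list)  # extension -> start times of recent intl calls
    rows = sorted(csv.DictReader(io.StringIO(cdr_text)), key=lambda r: r["start"])
    for row in rows:
        if row["dialed"].startswith(HOME_PREFIX):
            continue  # domestic call, outside the scope of this audit
        start = datetime.strptime(row["start"], "%Y-%m-%d %H:%M:%S")
        ext = row["extension"]
        if start.hour not in BUSINESS_HOURS:
            findings.append((ext, "after-hours international call", start))
        # Keep only this extension's international calls inside the window.
        calls = [t for t in recent[ext] if start - t <= WINDOW] + [start]
        recent[ext] = calls
        if len(calls) > MAX_INTL_CALLS:
            findings.append((ext, "international call burst", start))
    return findings


if __name__ == "__main__":
    for ext, reason, when in audit(SAMPLE_CDR):
        print(f"{when:%Y-%m-%d %H:%M} ext {ext}: {reason}")
```

Thresholds like these need tuning against your own normal calling pattern; a business that routinely calls abroad would raise the burst limit rather than the after-hours rule.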

Ensuring your VoIP provider has sufficient remote monitoring technology is a major part of this strategy. Remote monitoring can help to identify problems before damage becomes irreversible, or at times before anything can be done at all.

You should ensure that your service provider will provide protections built into the service layer, and offers counsel on how to best avoid human error leading to toll fraud. The RingCentral platform provides security settings that can help to detect toll fraud and service abuse, as well as a dedicated staff for monitoring use and service.

A hosted VoIP can provide so many benefits to a business, such as cutting call costs and offering a modern and competitive system. However, there are inherent security risks. In order to avoid unnecessary breaches to the system, it is key to eliminate all possibility of human error, by restricting access, ensuring there is a stringent password policy, and monitoring activity on the system. By working in collaboration with your VoIP host, you have the best chance of fostering a secure and safe network from which to operate your business.

Sponsored Series By RingCentral

By Josh Hamilton
