As SMBs continue their steady transition away from traditional telephony services in favor of VoIP, threats of cybercrime and fraud are more common than ever before. Risks to VoIP systems are distinctly unique from those posed to your other networks and understanding how to combat them is critical. Here are 5 tips for securing your organization’s internet-based communication devices and services.
Types of threats
The majority of VoIP services involve live communications, which often seem far more innocuous than stored data. Unfortunately, your business has just as much valuable information moving across VoIP networks as it does hosted on company servers. Internet-based calls are far more vulnerable to fraud compared to more traditional telephony services and face threats from identity theft, eavesdropping, intentional disruption of service and even financial loss.
A recent study by Nettitude reported that 88 percent of VoIP security breaches take place outside of normal operating hours. This could be attackers trying to make phone calls using your account or gain access to call records that contain confidential information. This can be avoided by contracting outsourced IT vendors to monitor network traffic for any abnormalities or spikes in suspicious activity.
One of the reasons that eavesdropping is so common is because a lack of encryption. Inexperienced attackers can easily download and deploy tools to intercept and listen to your calls. Although some services claim built-in encryption, be sure to investigate how effective they really are. Many of these protocols require the same VoIP client on the receiving end of the call — something that’s much harder to control. Encryption should be compatible with as many other software clients as possible to effectively prevent anyone from undermining the privacy of your calls.
Virtual private network
Virtual private networks (VPNs) create a secure connection between two points as if they were both occupying the same, closed network. It’s like building a tunnel between you and the call receiver. In addition to adding another layer of encryption, establishing a VPN can also overcome complications involving Session Initiation Protocol trunking, a recommended VoIP feature.
Every VoIP vendor should provide a firewall specially designed for IP-based telephony. These protocols will curb the types of traffic that are allowed, ensure the connection is properly terminated at the end of a session and identify suspicious calling patterns. Consult with your VoIP or IT services provider about which of these features are available and currently in use at your organization.
Usually password protection refers to requiring password authentication to access sensitive information. However, in this case it actually means protecting the passwords themselves. Eavesdropping is one of the easiest, and most common, cyber attacks against VoIP networks and even with all of the protocols above, employees should be instructed to never give out any compromising information during a VoIP call.
VoIP is as important as any of your other network security considerations. It requires a unique combination of protection measures, and we’d love to give you advice on implementing any of these protections or managing your VoIP services. Give us a call today to get started.