6 VOIP SECURITY TIPS TO PROTECT YOUR PHONE SYSTEM FROM ORGANIZED CRIME

6 VoIP Security Tips to Protect your Phone System from Organized Crime

In a Press Release, US Senator for NY, Charles Schumer, announced that both businesses and service providers need to take additional precautions against phone hacking.  

As Schumer’s press release notes, this is a matter of phone hackers gaining access to your phone system, and placing expensive international calls on your dime. With over 10 years of experience providing businesses with telephone and internet service we have seen quite a bit of phone hacking. We have organized here a list of techniques we have developed to assist our customers in preventing phone hackers from stealing expensive international minutes. 

1. Gratuitously Block Expensive Destinations

If you are a Monmouth Telecom customer, you may have dialed an international telephone number and heard the message: 

“This number is currently blocked. Please call your service provider.”

You can eliminate a great deal of risk by simply blocking calls to all international locations. If you make calls to a particular country, then block all international calls except for that country. This will result in the occasional need to call your service provider to unblock a country that you need to call, but isn’t this small inconvenience worth the provided safety?

2. Monitoring Traffic for Anything Out of the Ordinary

Keeping an eye on traffic is critical. Monmouth Telecom develops traffic benchmarks for all of our customers during normal circumstances and set off alarms when traffic appears out of the ordinary. Examples of out of the ordinary could include:

• Calls to destinations that have never been called before
• Calls during times where calls usually do not occur
• More concurrent calls than normal

3. Shoot First Ask Questions Later

Better safe than sorry. These fraudsters can rack up a lot of money very quickly. If fraud is suspected shut the traffic down and block calls until you can verify exactly what is going on.

4. Utilize the Latest Cryptographic Features

A lot of hardware and software vendors provide great security features, but they aren’t enabled by default. You need to research the available security measures and enable them.  Examples of these are Polycom and Cisco providing certificate based authentication for their VoIP Phones.

5. IP Whitelisting

This phone hacking is not limited to legacy style phone systems. With Business VoIP Phone Service on the rise hackers have a whole new field of attacks to perpetrate. You can eliminate a lot of potential hackers by limiting incoming connections to a known safe list of ip addresses. However this comes at the cost of requiring static ip addresses at all connecting locations. If you do not have static ip addresses, at the very least you can black list large ip blocks outside of the US.

6. Use a Cloud Based Phone Service Provider

There is a fundamental problem with a premise based phone system.  The business owner is responsible and financially accountable for a complex telephone system that they:

• Did not configure
• Have no expertise in maintaining
• Have no interest in acquiring expertise to maintain

This is a recipe for disaster and hackers have been taking advantage of it. With Software-As-A-Service, you have the developer and maintainer of the service responsible for the security. This moves the responsibility and accountability for the security of the system to the people with the most pertinent expertise.

With the world moving to cloud based services like Hosted PBX, the service provider’s motivation will increasingly be security minded. Above all else this will reduce the amount of low hanging fruit available for the phone hackers.

What high level security techniques do you employ? Leave insight in the comments below!

---------------------

Article Source: http://www.monmouth.com

Image Source: http://www.hiketech.com

Share this post