More and more businesses are switching their voice communications to VoIP, but this inevitably raises concerns surrounding security. The good news is that a properly installed and configured VoIP system is pretty secure, but it’s important to understand how to keep it that way and how VoIP compares to PSTN in terms of its security.
New vs old
For many years, calls have been made over the PSTN system. This means that calls are sent over analogue lines via exchanges to their destination. PSTN may seem secure, but the analogue systems are relatively easy to tap into and – because they are analogue – to understand the content. This kind of interception generally needs physical access to some part of the equipment but it isn’t hard to do. There are other risks too, as PSTN equipment ages and doesn’t get replaced, it’s more prone to breakdowns and service outages.
With VoIP, your call is routed over the same internet connections used for your email, website access and cloud systems. It, therefore, has the same potential security issues as any other online system.
That said, things are no longer quite so simple, because as major service providers slowly move to VoIP, there’s a good chance that your PSTN call will be carried at least some of the way to its destination via the internet. Of course, it’s possible that internet traffic can be intercepted too, but you have the opportunity to encrypt the traffic to make it useless to potential eavesdroppers. There are other methods you can take to secure your VoIP too.
Protecting your wholesale VoIP termination rates
Most companies switch to VoIP in order to take advantage of lower call rates, so it’s important not to throw away this benefit with an insecure system. So, how do you go about protecting your VoIP from hackers and other threats?
Firstly it’s important to talk to your VoIP service provider and understand what, if any, security protocols they already have in place. You need to ask what industry protocols they adhere to, what third-party security tools they employ and how those tools are monitored.
Secondly, you need to secure your own network. A firewall is an essential first step, but it needs to be one that is able to handle VoIP traffic without creating bottlenecks and disrupting the service. It’s also important to look at compliance with rules. GDPR will apply to all businesses, but there are other considerations for some – MIFID II for financial services firms, for example.
Using VoIP gives you the opportunity to encrypt your traffic so that even if it is intercepted, it’s useless to an attacker. It’s important that this is done without introducing significant overhead. If you are allowing employees to connect to your VoIP system from outside the office then you should also consider employing VPN technology to minimise the risks in using public Wi-Fi networks that can leave data exposed.
You need to make sure that your endpoint systems are secure too. Whether you are using softphones or dedicated VoIP handsets, it’s important that they are kept up to date with the latest patches and firmware so that they remain secure.
User security
In addition to making the systems secure, you need to consider your users. People are often the weakest link in any security system, so it’s vital that your staff are properly educated in security protocols.
This includes the use of strong passwords. You can help to ensure this by enforcing rules for using a mix of characters and for minimum length. You also need to ensure that passwords are changed at least once a year and that staff do not share them. These rules should also apply to mobile devices.
Staff should also be encouraged to be alert and to report any suspicious events such as strange calls or voicemails that could be evidence of hackers trying to penetrate the system or of phishing attacks.
A major advantage of VoIP systems is that you have access to detailed call and access logs. This allows you to see exactly what traffic is being generated. Analysis of this log data can help you to spot unauthorised use of the system, whether by insiders or by hackers attempting to steal your call time. They can also show up things like brute force password attacks attempting to gain access to the system. Most systems will allow you to set up alerts to notify you when unusual activity occurs.
While there are understandable concerns over security, if it’s properly implemented and well controlled, VoIP from a respected provider such as IDT is no less safe than any other internet-based activity. Use the tools available from your service provider or third parties and indeed it can be made far more secure than a traditional PSTN solution.
