Like any system that relies on communication over the internet, VoIP is vulnerable to the threat of cyber attack. Many attacks against these systems make use of the Session Initiation Protocol (SIP) which is the most commonly used in the VoIP sphere.
Whether you have already made the switch to VoIP therefore, or are considering it, security is something to which you need to give serious thought. Fortunately, there are some simple and effective steps you can take.
Password protection
Most businesses adopt VoIP in order to save money through advantageous wholesale VoIP termination rates from specialists such as IDT. The last thing you want to be doing, therefore, is paying out for calls made by other people on your account. Service theft is one of the most common attacks on VoIP systems, wherein hackers attempt to access your system and use it to make calls. Misuse can be limited by restricting certain dialling codes for example, but this is no excuse for ignoring good basic security.
The first step to preventing this is to make sure that you enforce a policy of strong passwords. This applies not just to the VoIP system but also to your endpoints and to your admin accounts. Replace any default logins as these are the first port of call for hackers.
Using encryption
Because VoIP calls are transmitted over the web, they are vulnerable to interception and eavesdropping. The best way to guard against this is to ensure that the traffic is encrypted. There may not be any additional cost here; your existing network equipment may well have an encryption capability just waiting to be turned on.
Most networks have a firewall, but for VoIP, you need to ensure that it is configured correctly to handle the traffic otherwise you could end up introducing more problems for yourself. It’s essential that your system is properly configured to fend off DDoS attacks, which can be used to degrade your VoIP service or even render it impossible to make calls.
Where staff are accessing your VoIP system from outside the office, at home or via mobile devices, you should consider using a VPN. This effectively creates a secure tunnel between the endpoint and your network, making it much harder for the connection to be interfered with.
Training matters
One of the keys to keeping your network secure is to ensure that all of your staff are properly trained. This ensures that everyone is aware of the need to keep networks secure by using secure passwords and not sharing login details. It also serves to raise awareness of threats such as SPIT (SPam over Internet Telephony) and Vishing (voice-based phishing attacks).
Something you should also do is to test your network regularly for vulnerabilities. This will show up any weak points and allow them to be addressed before they can be exploited. You should also carry out regular audits of user accounts and ensure that as people move departments or leave the business, their access privileges are adjusted or revoked accordingly.
