Switching to VoIP offers businesses considerable benefits in terms of flexibility and cost reduction. But as with any system that is based on the use of the internet there are other factors to take into account, in particular the challenges of keeping it secure.

There are a number of potential threats, from hacking to DDoS attacks that can compromise VoIP systems. It’s important for businesses to understand the threat landscape and to be prepared to react.

Wholesale VoIP termination rates drive take-up

Competitive rates for VoIP systems mean that more and more businesses are adopting the technology and benefiting from savings on their call costs. But that, of course, means a bigger attack surface for the bad guys.

The degree of risk depends on the type of system being used. Those relying on public internet connections are more at risk, which is why many businesses choose to have a leased line connection to the internet that is not shared. Some choose to use VPNs to provide security in the same way as data connections. However, these use firewalls which can mean the VoIP system is compromised if the firewall is attacked.

Of course, DDoS attacks that seek to flood a network with traffic can be equally disruptive for VoIP traffic as for data traffic. Defending against these is a key part of any organisation’s overall systems security strategy.

VoIP focused attacks

There are some problems that are specific to VoIP systems. For example, there’s now a type of spam – known as spit – that specifically targets VoIP systems with unwanted messages. There’s also the threat of eavesdropping where insecure connections are used.

Voicemail is a particular vulnerability. Many people now enjoy the convenience of accessing their voicemail messages remotely. However, they very often fail to change the default PINs or passwords used to get into the mailbox. These can afford hackers a backdoor way into the VoIP system and may even allow them to hijack the network, allowing them to make calls on your account. Some VoIP systems now guard against this by allowing calls to be returned to numbers that left messages on the voicemail but not allow the dialling of other numbers.

While VoIP is simple for the businesses which use it, the technology that drives it is pretty complex. For this reason, many people look for a managed service approach from an established provider such as IDT. In selecting a system, it’s vital to consider what security measures the provider already has in place; masking of IP addresses, for example, so that individual customers are hard to identify. Monitoring of the service for unusual behaviour is now also offered by some service providers. This allows attacks to be spotted early and remediation measures put in place to stop them.

VoIP offers many benefits for enterprises, but there are security concerns and these need to be taken seriously. However, with the right provider, they shouldn’t dissuade anyone from adopting the technology.