The use of VoIP for business communications has increased exponentially in the last few years, due to the wide range of features and benefits on offer as well as cost effectiveness. However, with the expansion of the technology from local and wide area networks to internet voice calls, organisations are realising that the security concerns which exist for standard internet traffic also apply to VoIP systems.
For example, most VoIP traffic is sent across the internet unencrypted, meaning that anybody with network access and packet-sniffing software could eavesdrop on calls and gain access to proprietary, personal, or company confidential data to use for their own profit. A security breach could be as simple as someone accessing your system to make free calls, or as serious as spoofing your phone numbers to pose as a company employee and talk to your customers, possibly taking credit card payments from them. And these attacks are near-impossible to trace.
With this in mind, here are 7 things to consider for your VoIP system security.
1. Get a good firewall
While your data network probably has strong security in place, you should do the same for your VoIP system. If you have an on-premises system, invest in either a firewall, an intrusion prevention system (IPS), or both. These components can operate in tandem to track, identify and examine all traffic in the VoIP network, both authorised and unauthorised, and flag any unexpected activity. If you have a cloud-based system, find out what your provider has in place. Dedicated security measures are crucial for any provider’s reputation so you can take advantage of their experience in protecting against threats and vulnerabilities.
2. Work with your service provider
Your service provider transmits your calls outside your network and charges you a monthly rate. Make sure they are serious about security by checking they have considered and covered aspects such as signalling methods, VLAN configuration, encryption and user authentication. Due to the swift development of VoIP technology, wholesale VoIP termination rates are increasingly competitive and there are plenty of specialist providers such as IDT who can offer the exact solution you need.
3. Configure robust network access rules
When you set up your VoIP system, consider how you want to control access to the network. You could implement device certificates, or require users to enter usernames and passwords. Additionally, VoIP phone security can be configured to only allow certain types of network calls, dependent on the user and device.
When it comes to your voice servers in an on-premises solution, ensure that they are only accessible to system administrators. You can use additional domain restrictions and implement security such as two-factor authentication to allow access.
4. Don’t forget remote access
If you have remote employees who use the VoIP system, security takes on extra importance. An established best practice is for your remote users to secure all calls with a virtual private network (VPN) connection.
If your employees have VoIP client apps on their mobile devices, it’s a good idea to implement mobile security policies such as locking the device and even remote wipe. This ensures that mobile devices aren’t a weak point for hacking your VoIP system.
5. Keep up with updates
Always install available updates as soon as reasonably possible, ensuring your system has the latest security measures. This applies especially to any firmware, so that all devices continue to function. Some firmware resets security configuration settings back to their defaults after an update, so check if this applies to your devices and confirm all settings at regular intervals.
6. Use encryption
If your business involves discussing sensitive information over the phone, encryption is a sensible precaution. By encrypting your voice traffic, packets and signalling, you make it extremely difficult for hackers to intercept calls at any point in the transmission. A secure protocol such as Secure Real-time Transport Protocol (SRTP) will ensure your audio is unintelligible to any unauthorised parties.
7. Educate your users
Finally, make sure all VoIP users know and adhere to all of your security policies. We recommend you provide employee training, both on how to use the system correctly and on possible security threats. Set up a robust password policy for accessing voicemail – a combination of upper and lower case, numbers and special characters makes it much harder to guess – and force passwords to be changed regularly. Users should delete voicemail messages once they are no longer needed, or you could automatically remove them after a set time to ensure potentially confidential information is not stored indefinitely.
The functionality available with VoIP makes it a compelling option for businesses of all sizes. To take full advantage of this and avoid costly data breaches, security should be an integral part of whatever solution you choose to adopt.