The many benefits of switching to a VoIP system from traditional telephony are why it has become widely adopted by businesses everywhere. But since most businesses view the switch to VoIP as just an upgrade to their phone system, the importance of VoIP security rarely crosses their mind. VoIP’s technology has inherent vulnerabilities that can pose a risk, but with the right security measures set in place, VoIP can be secured to prevent attacks or misuse of services. Security specifically for VoIP communications can be examined in three important parts:
What do you need to protect?
- Keep your VoIP service running continuously, without disruptions or downtime
- Protect sensitive customer information and business data, including call transcripts and transaction records
- Prevent unauthorized users from making calls, and gaining access to your network
- A secure VoIP system will help your business maintain compliancy standards
Who are you protecting against? Understanding where threats may come from and the motivations behind the attacks is critical. The main threats generally come in three forms:
Toll Fraud: A person or organization that wants access to VoIP services can piggyback on your system to gain free international or long-distance calls and data transmissions.
DoS attacks: Denial of Service attacks, organized assaults on a VoIP system are initiated to gain access to confidential information, along with telephone numbers, IP addresses, etc. This sensitive data can then be sold to competitors, or used to redirect calls for other purposes. DoS attacks are not always financially motivated. Sometimes the intent is simply to disrupt or shut down a network and may have been initiated by a disgruntled ex-employee or a sneaky competitor.
SIPVicious attacks: SIPVicious in its benign form is a developer tool used to audit the state of your SIP network. But the tool can be corrupted for bad intentions and used to gain access to a network or shut down systems, crippling your business.
What security measures are needed? VoIP security measures are not that different from data network security and layered steps work best.
Encryption – Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the standards for data encryption. These measures encrypt or scramble information so that it cannot be easily deciphered if the data transmission is intercepted.
VLAN – A VLAN segregates broadcast domains between networks. Because it separates voice and data, you can apply different security measures to your voice and data packets while improving the performance of your VoIP system. A VLAN is a good security measure for remote phones that connect to the business network.
Network security – It is just as important that your business network infrastructure is secured with firewalls, antivirus, gateway protection, end point security measures. Software patches and updates should be run regularly to keep systems up to date and eliminate vulnerabilities. To prevent outages and downtime, a redundant power supply, backup servers and regular data backups should be built into your VoIP network.
User Security – Educating the user is vital to preventing human error. Employees must use strong voicemail passwords, be educated about threats and how their actions can either help or hurt security. Employers must set and enforce security policies. For instance, applying a pin code for international calling is a common security measure to prevent unauthorized international calling. If a business is lax with precautions, they may not even know when a breach has occurred until after the damage has been done.
Businesses shouldn’t shy away from a VoIP phone system due to security concerns. The benefits far outweigh the risks! Just as with any technology, when you take the necessary steps to ensure that your system remains secure, risk becomes greatly minimized. Many of the VoIP systems available today include robust security protocols as part of their offerings. Be sure to inquire with a VoIP service provider about built in security options if you are planning a move to VoIP.
Take a look at Ancero’s Utility VoIP cloud based phone system. Our award winning Managed Communications services can help you plan a communications strategy perfect for your business needs.