The ability to communicate both internally and with customers is as critical for any business as access to stable electricity and clean water. Yet we know many businesses do not give enough consideration to protecting this valuable and necessary service. Unfortunately, threat actors know this too and are more than happy to take advantage.
Common Attacks
Every year there are increasingly more attacks on businesses, often leveraging their communication infrastructure. Just a handful of common attacks include:
- VoIP Hacking – Listening to calls, racking up expensive bills and stealing sensitive information about your business and customers.
- Social Engineering – 97% of malware attacks are a result of social engineering, where employees unintentionally give scammers information and access to systems though sophisticated impersonation attacks over the phone. Using another person’s personal identification information, such as first name, last name, date of birth, address, ABN, etc. it is possible to carry out further attacks against related systems leveraging this information.
- Caller-ID Spoofing – Scam callers will change their caller id to impersonate legitimate companies – i.e. ANZ, NAB, AMP, Centrelink, etc.
- Eaves Dropping – Taking payments over the phone? Scammers can listen to unencrypted calls over unsecure wi-fi networks and routed networks, to sell company information, bribery and ransom.
- Voice Call Spam – Similar to email, telephone systems can also receive voice recorded messages as spam. There calls are often an annoyance and can tie up your extensions but can also be used to carry out other attacks on your business.
Security Strategy
Fortunately, with a little planning and care, many of these risks can be avoided with a sensible security strategy for your VoIP implementation and general network infrastructure.
At Managed Services Australia, we offer the use of 3CX for VoIP telephony systems with Fortinet Unified Threat Management Firewalls for your network borders alongside robust, trusted telephony carriers. The combined use of these industry leading solutions assists your business in mitigating the above-mentioned risks by taking advance of features like:
- 2 factor authentication
- End to end call and web meeting encryption
- Carrier line IP authentication
- Voicemail pins
- Geographic blocking of international calls
- IP blacklisting and anti-hacking module – IP learning and reporting
- Secure network tunnel between cloud phone system and office network
- Call recording
- Detailed call reports
- Restricting server console access
