Using a Voice Over Internet Protocol (VoIP) to make and receive calls offers many benefits that are impossible with a traditional business telephone communication system. However, security is one area where a standard land line has an advantage. When speaking on a typical phone, the primary concern is that someone has tapped the line. Unfortunately, people open themselves up to the same security vulnerabilities as any other user when they use the Internet for call purposes. That’s why it’s so important for business IT departments to be aware of specific threats and to have a prevention plan in place. Some of the most common security threats include:
- Denial of Service attacks (DoS): When a hacker successfully launches this attack, it shuts down a company’s Internet and telephone service at the same time.
- Patching issues: Phone handsets used in VoIP-based technology must be frequently updated with security patches to make sure hackers can’t gain entry and steal the information being discussed.
- Security breach vulnerability: A company makes itself a target for a major security breach if it doesn’t have systems for gateway security, firewall configuration, Syslog review and wireless communication and patching procedures in place before allowing anyone to operate the VoIP system.
- Unsolicited messages: VoIP systems are prone to spam just as email accounts are. Spam Over IT Technology (SPIT) causes employee telephones to ring with unsolicited messages. This slows down productivity as well as leaves the company open to DoS attacks and having its bandwidth stolen.
- Internet threats: When a company does not encrypt its data, it can easily be stolen by cyber criminals and hackers. Using programs called packet sniffers, they can see all information transmitted over a network.
Strategies to Protect Voice Services
While the security challenges of communicating with a VoIP system are real, the following security tips can help companies work through them:
- Strict policies for all users: When a new person starts using the system, the IT department should inform him or her of all security features. As part of new employee orientation, companies should require users to create a strong voice mail password and commit to deleting any voice mail that contains sensitive information. He or she must also report any unusual occurrences with the phone, such as a previously deleted voice mail suddenly reappearing.
- Encrypt all confidential voice data: Rather than encrypting at random, businesses should apply encryption by device, segment, or user. This prevents the network from becoming excessively latent.
- Apply logical and physical protection to voice systems: Technology such as a firewall or intrusion prevention protects the business from unauthorized VoIP traffic in addition to tracking patterns of unusual voice activity.