After the issues experienced by the NHS this last weekend and many others around the globe, I have already seen floods of posts giving advice on improving network security with a view to IT.
So, with a higher percentage of voice now being carried across internet lines it seems important to focus on telephony and providing a robust infrastructure for this.
- Keep the networks separate
A selling point of some companies is that a single connection can run both voice and data and therefore save on costs; however by keeping both on the same connection it opens both up to attack. Our recommendation would always be to have separate networks for both voice and data, protecting both technologies from spread if one did become infected.
- Keep your software up to date
The NHS hack exploited a flaw in Microsoft’s operating system; one which they had previously released a patch for back in March – however with many users not updating it left them vulnerable to attack. Phone systems are the same and it is important to continually keep them up to date. Every new system we install has Software Assurance meaning we take control of providing the most up to date software, keeping your system safe.
- Never user default passwords
Just like with IT, phone systems use passwords to access various functions, and there is a router connecting the system to the outside world. Make sure there are no default username and passwords – as this is an easy way to gain access to the system.
- Set up bars to number types not required
Much of fraud on telephone systems takes place by hackers gaining access to the system, and then making calls to premium international numbers which give the hackers a portion of the income. If you don’t need to make calls to international numbers – speak to your telecoms provider and have them barred, it is a very easy way to cut this risk off completely. As a note – ensure that Voicemail is treated as a separate extension as this can be missed and leave you open to vulnerability.
- Automatic Cut-Offs
No matter how many methods are in place to prevent an attack, there should always be a last line of defence, which we would recommend to be a cut-off. This means that if a certain call spend is reached on a given day, your lines will be cut off, and can only be reactivated when the problem has been looked at and resolved.
We set up two lines of defence for our clients, a notification at a certain level, and then automatic cut off at another. The second is the most important as much of this fraud happens over the weekend when many businesses may not check their emails so at least once the limit is reached, no further fraud will take place.
Whilst this is by no means comprehensive, there are some important points above. We would always recommend speaking to your provider and raising any concerns that you might have – we are of course always happy to give any help or advice.