VoIP Hacking: How to Protect Your Phones from Cybercrime

January 22, 2022

Your Voice over Internet Phone is Just as Vulnerable to Hackers as any other Internet-Enabled Device. Here’s How to Stop VoIP Hacking in its Tracks.

More and more companies are getting rid of their landlines in favor of convenient and portable Voice over Internet Protocol (VoIP) phone systems. While these systems come with tremendous advantages in video, audio and messaging capabilities, they also come at a cost: being vulnerable to hackers. If you’ve got a VoIP system, you need the right protections. Do you know how to prevent VoIP hacking at your company?

What is VoIP Hacking?

VoIP hacking, as you might have guessed, is whenever a cyber criminal targets your VoIP system, using its internet connectivity to infiltrate your phone systems. From there, they can often hitch a ride into your network overall. And they can use it to listen in on calls, make charges on your accounts, send text messages impersonating executives, and steal valuable business information about you and your customers.

With VoIP Hacking, the opportunities for fraud are endless.

VoIP Hacking Tactics: How They Work

While this type of hacking is limited only by the ingenuity of the hacker, there are several types of VoIP hacking that are common. And they have common pitfalls, too.

1. Toll Fraud

One of the most basic and obvious VoIP hacking tactics, toll fraud occurs when hackers send phishing emails to get administration passwords and access to your phone system. Then they make as many international calls as they please, and charge the bill to your company.

2. Unauthorized User Attacks

Similar to the toll fraud hack, bad actors gain access to your system. But instead of making personal calls, they actually hijack your company’s bandwidth to make illegal robo calls. Worse yet, your name and number will come up when they make those calls, leading the person on the other end of the call to believe they are being contacted by your business. To stop this from happening, regularly check your call logs to make sure only legitimate users are on your network.

3. Progressive Caller Spoofing

Once a hacker gets into your system, they can call other people in your network, impersonating extensions within your network. Maybe that new employee thinks they are talking to the CEO, or the head of IT for their company. They turn over passwords or other vital information. And the damage that can be done with that is tremendous.

4. Eavesdropping for Corporate Espionage, Theft, or More

VoIP hackers don’t necessarily have to get people to give them passwords to unlock things. Sometimes they can simply glean information about that upcoming merger, or a new product announcement, or that important new hire or firing. They can sell your customers’ private information, sell proprietary information to competitors, or extort businesses and customers by threatening to expose their sensitive information.

This is only a sample of what VoIP hacking can cost your business. So, now that you know—what can you do? Let’s take a closer look at some of the tactics we recommend.

How to Stop VoIP Hacking Before It Starts

Luckily, there are tools to address the threats that VoIP hacking poses to your business. Some of them are cybersecurity products, others are simply a matter of training and proper protocol. Here are some of our favorites:

Choose the Right VoIP provider

Your best defense is a VoIP vendor that has good built-in internal security. Ask them to provide you with documentation on the security processes they have in place. If you are in an industry with data handling regulations such as HIPAA, ensure that their systems are compliant. Discuss how vulnerabilities get reported and how they respond when hacks happen. Don’t settle for less.

Choose Your Administrators Wisely

Be careful about which employees have access to the network. Consider gating off functions, having an employee that’s in charge of billing, for instance, and others responsible for access for conference calls, setting up new lines, etc. Perhaps another who monitors for incursions. And maybe only two employees that have access to everything. This alone will help keep down attacks.

Use a VPN for Remote Access and Endpoint Filtering

VoIP networks allow cell phones to be part of the company’s network. As such, you should be sure that they are on a Virtual Private Network (VPN) to encrypt those phone calls. That secure connection ensures that workers aren’t leaking information, or inadvertently logging into the unsecured wifi at their favorite coffee shop. This one step will make it nearly impossible for a hacker to eavesdrop. Back all that up with an endpoint filtering tool on your virtual private network that makes it impossible for those phones to connect to unsecured or suspicious websites.

Regularly Check Your Network

Don’t be a company that sets up a network, and never checks it again. Your VoIP system needs to be checked periodically to ensure the integrity of your data. Check every few months to be sure that staff who’ve left have been removed from the system. Make sure you frequently change your admin passwords. And check the connection gateway to make sure it’s still properly filtering incoming calls. If your company is doing hacker simulations through a formal penetration test, be sure it is tested for VoIP hacking as well.

Watch Your Call and Access Log

Your system should automatically be recording the calls coming in and going out of your system, who they are going to, and how long they last. If you see suspicious numbers or usage patterns that are out of the ordinary, this can be a red flag that malicious activity is taking place on your network. Nip it in the bud with vigilance.
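As an added illustration (not code from the original article or from any VoIP vendor), here is one way to automate the log review described here and the roster check from "Regularly Check Your Network". The CSV column names, the extension roster, the thresholds and the sample records are all constructed assumptions; real call-record exports differ by provider.

```python
import csv
import io
from collections import Counter
from datetime import datetime

# Constructed sample call detail records; column names are assumptions.
SAMPLE_CDR = """\
start,extension,dialed,duration_sec
2022-01-17 09:12:00,101,+15025550143,240
2022-01-17 14:30:00,102,+15025550188,600
2022-01-18 02:14:00,101,+442079460123,1800
2022-01-18 10:05:00,107,+15025550101,60
2022-01-19 13:00:00,102,+15025550110,20
2022-01-19 13:01:00,102,+15025550111,20
2022-01-19 13:02:00,102,+15025550112,20
"""

ACTIVE_EXTENSIONS = {"101", "102"}  # hypothetical roster of current staff
HOME_PREFIX = "+1"                  # simplification: treat +1 as domestic
BUSINESS_HOURS = range(7, 19)       # 07:00-18:59 local time
BURST_THRESHOLD = 3                 # calls per extension per hour


def review_calls(cdr_text, active=ACTIVE_EXTENSIONS):
    """Return (start, extension, reason) tuples for calls worth a human look."""
    findings = []
    per_hour = Counter()
    for row in csv.DictReader(io.StringIO(cdr_text)):
        start = datetime.strptime(row["start"], "%Y-%m-%d %H:%M:%S")
        ext, dialed = row["extension"], row["dialed"]
        off_hours = start.hour not in BUSINESS_HOURS or start.weekday() >= 5

        # Departed staff or unknown devices still placing calls.
        if ext not in active:
            findings.append((row["start"], ext, "extension not on active roster"))
        # Typical toll-fraud pattern: international calls when nobody is in.
        if not dialed.startswith(HOME_PREFIX) and off_hours:
            findings.append((row["start"], ext,
                             "international call outside business hours"))
        # Robocall-style usage: many calls from one extension in one hour.
        bucket = (ext, start.strftime("%Y-%m-%d %H"))
        per_hour[bucket] += 1
        if per_hour[bucket] == BURST_THRESHOLD:
            findings.append((row["start"], ext,
                             "burst of outbound calls in one hour"))
    return findings


if __name__ == "__main__":
    for finding in review_calls(SAMPLE_CDR):
        print(*finding, sep=" | ")
```

Tune the thresholds to your own calling patterns before relying on the output; a sales team that dials abroad all day needs different rules than a local office.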

Passwords, Protocols and Cybersecurity Training

Set your system so it requires employees to create longer (20 character) passwords with capitals, numbers and special characters. Require them to store their passwords in a password vault you authorize. Once you’ve done this, install two-factor authentication apps like Duo Mobile that ensure no one is spoofing their credentials. Once that’s done, conduct cybersecurity training that goes beyond just phishing awareness, and includes their cell phones. VoIP hackers thrive on the ignorance and distractedness of your employees. Don’t give them an advantage.

Create a Mobile Phone Use Policy

Having the convenience of a VoIP cell phone is a privilege, and should be treated as such. Setting a clear mobile phone use policy is one of your best defenses against VoIP phone hacking. As part of the policy, require all phones to have fingerprint ID to unlock the device, and require employees to keep all their apps and programs as up to date as possible.

How to Stop VoIP Hacking: Where to Learn More

Want to learn more about how to secure your VoIP system, and enable a more remote, cyber secure workforce? Iconic IT has the resources you need. Check out our list of VoIP Pros and Cons, before you sign up for your VoIP service. Check out the money that VoIP phones can save for your company in our latest blog. And get a look at the bigger picture with our recent missive on how new technologies like VoIP are affecting the modern workplace.

If you’re looking to assess the cybersecurity of your business as a whole, we can help with that too! Download our FREE Cybersecurity Essentials Kit, with all the assessments, buying guides and background materials you need to get you started on a new cybersecurity program. Check it out!

Susan Gosselin is a Senior Content Writer for Integris. A career communicator and business journalist, she's written extensively on IT topics and trends for IT service providers like Iconic IT and ProCoders Ukraine, as well as business publications such as Technologyadvice.com, Datamation.com, The Lane Report and many others. Connect with her on LinkedIn.
