Security for your VoIP network is essential to protect you and your business from fraud, spam, and malicious intent. Over two thirds of all cyber attacks are crime syndicates; organised bodies specifically created to extract/detain/destroy information for the purposes of financial gain. The following checklists are examples of the measures we take to protect our clients from cyber-crime.
Keeping your telephone system on the latest software provides you with the latest security features. The older your software, the more vulnerable you become.
Block voicemail trunk to trunk transfers
Block/PIN access on international calls
No voicemail passwords as default
Change development & service level passwords on the system from default
Block premium numbers (number starting 09, 14109, 128009)
Block directory enquiry services (numbers starting 118, 141118, 1280118)
Block speaking clock (123, 141123, 1280123)
Block outbound/international outbound calls when in night service (still allow 999 and 112)
Session Border Controller for all IP voice phone systems
Trunk Line Checklist
Not all trunk lines have the same options, which is why it is worth speaking with a specialist before selecting a trunk line type and provider. SIP trunks offer the most options for security due to the newer technology.
Call spend threshold: outbound calls blocked when a monthly spend threshold is reached
Near threshold alert: email announcement when a percentage of threshold is reached
Block international call barring: where not required by the business
Fraud insurance: a small fee per trunk line per month to insure against the cost of Phreaking
Account contact verification: only authorised employees can request trunk line actions
Variance checking: comparing the current period of billing against the previous period
With the latest VoIP technology allowing voice onto the data network, it is worth taking another look at your network security. Does the UC phone software provide a backdoor onto your data network, now they are linked?
Voice network firewall: prevent the rerouting of calls even if the system or voicemail is compromised
Data network firewall: prevent unauthorised access to the data network
Cyber Essentials: Government supported scheme setting out recommended standards
Pen test: network/system survey to identify possible vulnerabilities
If you have not had a discussion about security and Phreaking, please get in touch immediately. Telephony fraud is not just an inconvenience; there is a very real phone bill that needs paying if you are compromised.