BOOK AN APPOINTMENT WITH AN IT SPECIALIST TODAY

Prevent Hackers from Stealing Your VoiP and Costing You Money

Prevent Hackers from Stealing Your VoiP and Costing You Money

Hackers Stealing VoIP

Best ways to prevent your business from losing money because of hackers stealing your VoIP service.

In 2017, telecom fraud amounted to $29.2 billion in losses to organizations and carriers, according to No Jitter. One form of telecom fraud is theft of service, which is obtaining service through an individual or company without payment. VoIP is much more prone to theft of service than traditional telephony services. Service can be stolen through hackers stealing user names, passwords, and other account information. Hackers also can introduce malware into the system to more easily enable theft. Unfortunately, the Federal Communications Commission has not issued any regulations on VoIP fraud, which means that businesses are still liable for any hacked calls. Fortunately, businesses can take some precautions to prevent theft.

Protect Passwords

When businesses buy a new phone, they should always change the password from the factory settings. Some phones use different passwords for the phone interface and web interface. In this case, unique passwords should be used for each interface. Passwords should be made secure by changing them every six months and requiring at least 12 characters including upper and lower case letters, symbols and numbers. Businesses also should regularly update the admin portal password for the VoIP provider.

Limit Physical Access

VoiP phones and other instruments should be kept in a locked space to prevent unauthorized access. The environment of the space should be maintained within the limits set by the equipment manufacturer. Secure access panels to the air conditioning and power.

Build Security in Layers

To prevent attacks and service theft, an organization should plan its VoIP system as carefully as it does its data network. One way is to plan security in layers.

  • The first layer of security is preventing intrusions on the network. To secure the network, use VoIP-aware firewalls and shut down ports at any sign of malicious behavior, according to Tech Target.
  • The second layer of security is phone authentication. The phone will not be authorized to the network or to the IP PBX unless a mutual certificate exchange or a certificate and dongle architecture have authenticated it, according to Tech Target.
  • The third layer involves encryption or authentication between the media and various channels. This means media gateways, ALGs, firewalls and NAT devices, and SBCs, according to Tech Target.
  • Finally, the fourth layer is user authentication. Only users authenticated via a user name and password or token device or mutual swap should be allowed to make or receive phone calls, according to Tech Target.

Disable International Calling

Most hackers go after the more expensive international phone numbers. Businesses that don’t need to regularly make international calls can disable international calling, using an international calling card when necessary. If regular international calling is required, businesses should carefully check invoices to be sure all calls made are legitimate.

More Like This

Are You Ready For Pandemic 2.0?

Will We Have Another Wave Of COVID-19? Dr. Anthony Fauci has made clear that he is almost certain the novel coronavirus will come back in the fall. Even so, a whopping 42% of CFOs don’t have a plan for what to do if the pandemic and accompanying shutdowns hit yet again. Don’t wait until fall hits to start …

Are You Ready For Pandemic 2.0? Read More »

Read More

AA20-133A: Top 10 Routinely Exploited Vulnerabilities

Original release date: May 12, 2020 Summary The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the broader U.S. Government are providing this technical guidance to advise IT security professionals at public and private sector organizations to place an increased priority on patching the most commonly known vulnerabilities exploited by …

AA20-133A: Top 10 Routinely Exploited Vulnerabilities Read More »

Read More

AA20-126A: APT Groups Target Healthcare and Essential Services

Original release date: May 5, 2020 Summary This is a joint alert from the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC). CISA and NCSC continue to see indications that advanced persistent threat (APT) groups are exploiting the Coronavirus Disease 2019 …

AA20-126A: APT Groups Target Healthcare and Essential Services Read More »

Read More

Is this a new version of Nefilim Ransomware or something different?

Original release date: May 5, 2020 Summary A possible new variant or maybe a different tactic now being used by the Nefilim Ransomware Background As noted originally by the BleepingComputer the ransomware going by the name of Nefilim came to be around the end of February2020. While these threat actors originally deployed a Tor Payment …

Is this a new version of Nefilim Ransomware or something different? Read More »

Read More

How to Use Microsoft Teams

How to Use Microsoft Teams Technology Microsoft Teams has quickly become one of the most popular tools businesses are using as employees have migrated to working from home. How can your business best use Teams and its features to keep employees connected and productive during the COVID-19 pandemic? What Is Microsoft Teams? Microsoft Teams is …

How to Use Microsoft Teams Read More »

Read More

AA20-120A: Microsoft Office 365 Security Recommendations

Original release date: April 29, 2020 Summary As organizations adapt or change their enterprise collaboration capabilities to meet “telework” requirements, many organizations are migrating to Microsoft Office 365 (O365) and other cloud collaboration services. Due to the speed of these deployments, organizations may not be fully considering the security configurations of these platforms. This Alert …

AA20-120A: Microsoft Office 365 Security Recommendations Read More »

Read More