Top 3 VOIP Security Risks
By Roger Murray | July 6th, 2016
In this day and age, we have become familiar with, and hopefully cautious about, strange emails with a random file attached. It’s unlikely that we would give one a second thought before deleting it. This is because we recognize the need for cyber security to limit the onslaught of digital threats we receive on a seemingly daily basis. What we often overlook, however, is that voice over IP (VOIP) services are susceptible to the same threats. These calls are being made over the internet, after all. VOIP systems are quickly becoming the industry standard, yet they do not often receive the same level of care to mitigate risks. That’s why we thought we would compile the top three security risks and the ways they can be thwarted.
Call Interception: Many times a hacker can access a business’s network and remain unidentified for many months, depending on the actions they take. For example, if they access your VOIP system, they will have the ability to intercept or even redirect your calls, leaving your business’s reputation in the hands of an unknown entity. While intercepting incoming calls, they can impersonate internal staff to request confidential information directly from your customers or employees. It is not only embarrassing, but can leave your business susceptible to penalties for compliance violations if it is determined that reasonable precautions weren’t taken.
Tip: The first line of defense in preventing this type of interception is ensuring your calls are encrypted, both inside your network and outside it for those authorized to access your phone system using mobile apps and devices. This aids in preventing unknown parties from listening in. It is especially important when you set up the system to allow mobile staff, who may use an unsecured Wi-Fi hotspot, to make or receive calls.
Eavesdropping: Eavesdropping on calls has been around since the old days, but in order for this to have occurred in the past, an individual would usually physically tap the traditional line or phone switch in order to listen in. Now, with VOIP networks, the conversation can be intercepted and tapped over the network. Depending on the setup, the infiltrator can access the WAV files to record, download, and sell your business’s proprietary information to competitors, or on the black market.
Tip: Luckily, eavesdropping can be relatively easy to prevent by ensuring the software being used does in fact have an encryption component. The further use of a Virtual Private Network (VPN) will also help to keep all data (calls, texts, videos) being transferred on your network secure.
Toll Fraud: A growing threat to businesses involves attackers accessing your VOIP network to make international calls, leaving your business footing the bill. This is a very difficult case to fight, because it is hard to prove that the calls being charged were not authorized, especially on VOIP networks where little authentication or analysis is in place to validate the claims.
Tip: Consider installing a Session Border Controller (SBC) to make your VOIP network more secure. The SBC controls the signaling and media streams of VOIP calls, video, and chat features. It prevents your network from being an entry point for these types of attacks, encrypts the voice channels (which also prevents eavesdropping), measures traffic volume from sources, and blocks unusual levels at the individual user level.
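The per-user volume check described in the tip above can also be run over your own call detail records (CDRs) to spot toll fraud after the fact. The following is an added example, not code from the original article or from any SBC product; the CDR layout, the 011/00 international prefixes, and the window and threshold values are assumptions chosen for illustration.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample CDRs (not real data): start time, extension, dialed number, seconds.
SAMPLE_CDRS = """\
2016-07-02T02:01:10,104,011999555010001,310
2016-07-02T02:03:40,104,011999555010002,295
2016-07-02T02:06:05,104,011999555010003,330
2016-07-02T02:08:30,104,011999555010004,305
2016-07-02T09:15:00,101,011999555010005,120
2016-07-02T10:20:00,101,5555550123,60
2016-07-02T14:45:00,102,011999555010006,200
"""

WINDOW = timedelta(minutes=10)   # assumed sliding window
MAX_INTL_CALLS = 3               # assumed per-extension limit inside the window


def is_international(number, prefixes=("011", "00")):
    """Assumption: international calls are dialed with an 011 or 00 prefix."""
    return number.startswith(prefixes)


def find_toll_fraud_suspects(cdr_text):
    """Return {extension: time it first exceeded MAX_INTL_CALLS within WINDOW}."""
    recent = defaultdict(deque)   # extension -> start times of recent intl calls
    alerts = {}
    rows = sorted((r for r in csv.reader(io.StringIO(cdr_text)) if r),
                  key=lambda r: r[0])
    for start, ext, dialed, _seconds in rows:
        if not is_international(dialed):
            continue
        when = datetime.fromisoformat(start)
        calls = recent[ext]
        calls.append(when)
        # Drop calls that have aged out of the sliding window.
        while when - calls[0] > WINDOW:
            calls.popleft()
        if len(calls) > MAX_INTL_CALLS and ext not in alerts:
            alerts[ext] = when
    return alerts


if __name__ == "__main__":
    for ext, when in find_toll_fraud_suspects(SAMPLE_CDRS).items():
        print(f"extension {ext}: over {MAX_INTL_CALLS} international calls "
              f"within {WINDOW}, first exceeded at {when.isoformat()}")
```

Tune the window and limit to each extension's normal calling pattern; a burst of international calls outside business hours is the pattern this flags in the sample.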
Final Thought: VOIP is now considered the standard in corporate America, but at what risk? It is common for new technology and products to be released onto the market without much careful thought to privacy or security. However, when this easily accessible technology is used in commercial applications, the vulnerabilities are quickly exploited through the sheer number of attacks every business, big or small, encounters on a daily basis. These liabilities expose consumers and have proven very difficult to identify or mitigate. While you shouldn’t fear a VOIP implementation, be sure you have your security measures properly established prior to adding voice services onto your data network. Note that some VOIP providers establish an entirely separate network which is exclusively maintained outside of your IT provider. For questions related to your configuration, or for more information on how to properly secure your network, contact us!