The information voip security threat vector is complex, and evolving quickly. Price waterhouse Cooper research reveals that security incidents have grown 66 percent over the past year, as measured in compounded annual growth rate (CAGR). IT professionals and business owners are realizing the importance of a comprehensive approach to information security.
While voice-over-IP (VoIP) telephony is not inherently a security risk, it’s important to be aware of vulnerabilities in any connected device, including VoIP phones. Any connected device, including VoIP phones, mobile devices and computers, can present a potential point of entry into your businesses’ network for cyber criminals.
Scary VoIP Security Mistakes
Security Consultant Paul Moore recently discovered a common security flaw in VoIP implementations. ITPro writes that after observing a series of implementations, he noticed businesses were neglecting to change vendor-set passwords from “default,” “admin” or other easy-to-guess, pre-loaded passwords. Despite the fact the phones were from well-known manufacturers and vendors, neglecting to change the default passwords left a massive vulnerability in businesses’ systems.
It’s easy to vow that you’ll change your password “later,” and then fail to do it. However, this simple mistake can cause your VoIP to become a hacker’s dream for making unauthorized calls, eavesdropping or other criminal activities. Join us as we review important VoIP information security safeguards, to help you reduce your organizational risks.
1. Change Passwords Immediately
During the installation of new phones or at any point in time where phones are restored to VoIP settings, organizations should immediately change phone passwords. As Hacked writes, even if phones with default passwords are placed behind a firewall, they can still leave massive vulnerabilities in a business network.
Password policies are an important part of information security procedures and awareness within an organization. By ensuring that your employees’ use unique and well-crafted passwords and change these codes on a regular basis, you can significantly decrease your chances of unauthorized access by cyber criminals.
2. Segregate Virtual/LAN Networks
Network World writes that less than 30 percent of organizations properly segregate their networks, which is a relatively simple form of basic network protection. By segregating your virtual networks by business use, such as placing security drivers in one network and VoIP phones in another, you can limit a hacker’s access to protected information even if they gain access to your network.
3. Check Your Firmware
Firmware is defined as software that is programmed into connected devices, including VoIP phones, routers, printers and other hardware. A common action hackers take when they gain entry through phones or other devices is to upload new firmware, overwriting the device’s original content. Organizations must monitor their firmware to ensure it is up to date and sufficiently protected against the latest security threats. While firmware shouldn’t be your only line of protection against hackers, it’s an important one.
4. Communicate with Your Vendor
Optimally, your VoIP vendor should be every bit as concerned about information security threats as you are. If you are in the process of evaluating or switching VoIP vendors, ensure your new provider will place an appropriate degree of focus on protecting their clients. This can be especially crucial for small and medium-sized businesses (SMB), who may not have on-staff information security experts. By hiring a vendor you can trust, you may gain access to expert advice on best security practices for implementation and upgrades, in addition to purchasing phones and routers that will safeguard against cyber-crime.
Organizations that adopt VoIP are not necessarily at increased risk of information security attack. However, VoIP adoption does lend additional considerations to comprehensive security practices within an enterprise. By understanding the latest VoIP security threats and common mistakes that organizations make, you can safeguard against emerging forms of cyber-crime. By evaluating your passwords, firmware, area networks and vendors, you can ensure your VoIP is secure.