Blog Layout

Making Your VoIP Network Bulletproof (Six Tips to Protect Your VoIP from Cyberattacks)

Apr 15, 2022

Hardly any phone call system in a business beats VoIP when it comes to efficiency and flexibility. However, it’s not immune to cyberattacks. Discover how you can secure your VoIP ASAP.

What kind of communication system are you using for your business?

I asked because many modern-day businesses have now switched to the Voice Over Internet Protocol (VoIP). This technology allows employees to perform voice calls using only their internet connection.

It’s often a wise choice considering that using VoIP comes with several benefits to a business.

Among its benefits include lower operating costs, greater convenience than traditional services, increased accessibility, higher scalability, and the ability to multitask. VoIP also comes with advanced features for teams of all sizes, is completely portable, and offers superior voice quality.

However, VoIP systems also have limitations, with cyberattacks being their number one downside.

The good news is that it’s possible to protect a business’s VoIP system from hackers. And if you already implemented this in your business, it’s not too late to secure it.

Read on to discover the most common threats to your network and tips on preventing them.

The Need for VoIP Protection

All VoIP systems require a stable internet connection to function properly. Unfortunately, their reliability on the internet makes them vulnerable to various security issues.

Some of the most frequent ones include:

Security Issue #1. Denial of Service

Denial of Service (DoS) is a common threat to VoIP systems comprising attacks designed to shut down a machine or network and make it inaccessible for use.

When this happens, legitimate users of VoIP technology may not be able to access their information systems and devices. And call centers can be affected by lower call quality, uptime, and latency.

Security Issue #2. War Dialling

War dialing is an attack that controls the company’s private branch exchange (PBX) and scans for other phone networks. This means hackers can dial numbers and connect to modems and other extensions.

Security Issue #3. Toll Fraud

Toll fraud is a threat that consists of making calls to outside lines from a company’s existing system.

For example, hackers will dial costly international numbers intending to rack up toll charges to your business.

Security Issue #4. Phishing

This is a common threat wherein attackers send fraudulent messages designed to trick victims into revealing sensitive information. Often, the unsuspecting victims would divulge information about passwords, internal IP networks, and similar data.

Security Issue #5. Malware

It’s a threat where attackers install malicious software via email or phone. A file or code gets delivered over a network and has the goal of infecting, stealing, or exploring the information contained within a system.

After infecting the system with malware, VoIP hackers can enter your network and access critical business information.

Security Issue #6. Call Interception

The call interception attacker uses unsecured networks to intercept the Session Initiation Protocol (SIP) traffic that serves to initiate, maintain, and terminate real-time voice and video sessions.

A victim of a call interception attack can be redirected to another line hosted by the hacker, for example.

6 Tips for Boosting VoIP Security

Given the variety of threats imposed by attackers on VoIP systems, it’s necessary to optimize your VoIP security ASAP.

Here are 6 valuable tips to get you started.

Tip #1. Set Up a Firewall

Secure firewalls are necessary for all VoIP systems. It’s important to make your VoIP software and hardware firewalls scan information that goes in and out of the system and ensure it’s secure.

If spam or a threat comes your way, the firewall will identify and gain control over it, shielding your system shielded from the attack.

Also, a good firewall will allow the data packets you send to travel unhindered.

Tip #2. Use Strong Passwords

Your VoIP system is no different from any other software or platform you use for handling sensitive information. For this reason, it needs to be protected with strong and regularly updated passwords.

Aim for combinations of at least 12 characters, including numbers, upper- and lower-case letters, and special symbols. And for ultimate protection, go for passwords consisting of a random character series.

It’s crucial to set a password as soon as you configure your VoIP system. Otherwise, you’re likely to forget about it later.

Also, remember that some VoIP phones come with pre-set passwords, often available publicly. That’s why you should change yours as soon as you get a chance.

Ideally, try to change your passwords every three months.

Tip #3. Restrict Calling

Many VoIP attacks happen due to toll fraud. So, if your business runs locally, there’s no need to have the international call option enabled. This allows you to be on the safe side and avoid paying expensive bills you weren’t even responsible for making.

You can let your VoIP service block 1-900 numbers to avoid toll fraud.

Tip #4. Encourage Your Team to Report Suspicious Behaviour

Many of the VoIP attacks arrive due to irresponsible behavior. To prevent this from happening, educate your team on how they can best do their job without affecting the system’s security.

For starters, they should know how to spot unusual network activity, handle passwords, and report suspicious behavior. They should also report ghost calls and missing voicemails whenever received. Staff also shouldn’t store voicemail for too long.

The reality is that sometimes, cybersecurity training during onboarding often isn’t enough. That’s why you should do periodical training to keep your VoIP safe at all times.

Tip #5. Deactivate Web Interface Use

Ideally, you should deactivate the web interface used for your VoIP system.

Why?

Using phones on a desktop computer opens an area of weakness to attackers. It’s enough for a single phone user falling prey to leave the whole system exposed to an external party. All your data can be stolen in text format as a result.

So, unless it’s absolutely necessary for you to use the web interface, be sure to secure it very strictly.

Tip #6. Use a VPN for Remote Workers

Virtual Private Networks (VPNs) are great software that encrypts traffic regardless of your employee’s location.

You can set up such a network for your remote staff to prevent data leaks and breaches. The good news is that using this service won’t degrade the call quality.

(Re)Gaining Control Over Your VoIP Security

VoIP systems are a fantastic alternative to landlines. After all, they offer many more features and flexibility at a fraction of the cost. However, their reliability on the internet also makes them susceptible to cyberattacks.

If you have just set up a VoIP system for your company or are thinking of starting one, securing it should be your number one priority. Don’t risk falling prey to toll fraud, malware, phishing, and other attacks. Take some time to secure your business by following the tips from this article.

And if you need more help to implement these changes or would like to further discuss securing your business’s VoIP system, reach out to us and we can set up a 10-15-minute chat.

 


Featured Image Credit

Security Lapse by Microsoft Employees Exposes Internal Passwords

26 Apr, 2024
In continuation of Microsoft’s series of data security incidents, employees accidentally exposed internal data to the public. The leak exposed an unprotected Azure storage server containing code, scripts, and configuration files. Microsoft has announced that it has fixed a security breach that exposed internal company credentials and files to the open internet. The breach was first discovered by security researchers from cybersecurity firm SOC Radar. According to their report, an internal error resulted in an Azure storage server without password protection being given public access. The exposed data was primarily related to Microsoft’s Bing search engine, including configuration files, code, and scripts that employees used to access a range of internal systems and databases. Consequently, bad actors could identify and access locations for Microsoft's internal data. So far, it has not been made clear how long the data has been exposed. Anuj Mudaliar Assistant Editor - Tech, SWZD opens a new window opens a new window Anuj Mudaliar is a content development professional with a keen interest in emerging technologies, particularly advances in AI. As a tech editor for Spiceworks, Anuj covers many topics, including cloud, cybersecurity, emerging tech innovation, AI, and hardware. When not at work, he spends his time outdoors - trekking, camping, and stargazing. He is also interested in cooking and experiencing cuisine from around the world.

AT&T experienced data breach that impacted 51 million customers (No one is immune)

26 Apr, 2024
AT&T is notifying 51 million former and current customers, warning them of a data breach that exposed their personal information on a hacking forum. However, the company has still not disclosed how the data was obtained. These notifications are related to the recent leak of a massive amount of AT&T customer data on the Breach hacking forums that was offered for sale for $1 million in 2021. When threat actor ShinyHunters first listed the AT&T data for sale in 2021, the company told BleepingComputer that the collection did not belong to them and that their systems had not been breached. Last month, when another threat actor known as 'MajorNelson' leaked the entire dataset on the hacking forum, AT&T once again told BleepingComputer that the data did not originate from them and their systems were not breached. After BleepingComputer confirmed that the data belonged to AT&T and DirectTV accounts, and TechCrunch reported AT&T passcodes were in the data dump, AT&T finally confirmed that the data belonged to them. While the leak contained information for more than 70 million people, AT&T is now saying that it impacted a total of 51,226,382 customers. "The [exposed] information varied by individual and account, but may have included full name, email address, mailing address, phone number, social security number, date of birth, AT&T account number and AT&T passcode," reads the notification. "To the best of our knowledge, personal financial information and call history were not included. Based on our investigation to date, the data appears to be from June 2019 or earlier." BleepingComputer contacted AT&T as to why there is such a large difference in impacted customers and was told that some of the people had multiple accounts in the dataset. "We are sending a communication to each person whose sensitive personal information was included. Some people had more than one account in the dataset, and others did not have sensitive personal information," AT&T told BleepingComputer. The company has still not disclosed how the data was stolen and why it took them almost five years to confirm that it belonged to them and to alert customers. Furthermore, the company told the Maine Attorney General's Office that they first learned of the breach on March 26, 2024, yet BleepingComputer first contacted AT&T about it on March 17th and the information was for sale first in 2021. While it is likely too late, as the data has been privately circulating for years, AT&T is offering one year of identity theft protection and credit monitoring services through Experian, with instructions enclosed in the notices. The enrollment deadline was set to August 30, 2024, but exposed people should move much faster to protect themselves. Recipients are urged to stay vigilant, monitor their accounts and credit reports for suspicious activity, and treat unsolicited communications with elevated caution. For the admitted security lapse and the massive delay in verifying the data breach claims and informing affected customers accordingly, AT&T is facing multiple class-action lawsuits in the U.S. Considering that the data was stolen in 2021, cybercriminals have had ample opportunity to exploit the dataset and launch targeted attacks against exposed AT&T customers. However, the dataset has now been leaked to the broader cybercrime community, exponentially increasing the risk for former and current AT&T customers. Update 4/10/24: Added statement from AT&T about discrepancy in numbers. BILL TOULAS Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks.

Home Depot Data Compromised Through Third-Party SaaS Misconfiguration

26 Apr, 2024
Home improvement retailer Home Depot confirmed with multiple publishers that it suffered a data break due to a third-party SaaS vendor inadvertently exposing a subset of employee data. IntelBroker, the threat actor behind the attack claims it has the information of 10,000 Home Depot employees. A Home Depot software vendor suffered a data breach leading to the compromise of an undisclosed number of employees. IntelBroker, the threat actor behind the attack claims it has the information of 10,000 Home Depot employees. Home improvement retailer Home Depot confirmed with multiple publishers that it suffered a data break due to a third-party software vendor inadvertently exposing a subset of employee data. Reportedly, the breach was caused by a misconfigured software-as-a-service (SaaS) application.
More Posts
Share by: