ALEX DESBERG Sales and marketing director, Ohio.net
INTERVIEWED BY HEATHER TUNSTALL
Security is always a concern when it comes to technology and communications, but recent high profile hacks have brought the issue to the forefront. It has become clear that corporate telecom systems are not immune to these threats — they are often targets. “Whether it be IP-based or traditional telephony-based, this is what connects you to the outside world and how people know you by voice,” says Alex Desberg, sales and marketing director at Ohio.net. “Security is very important not only in terms of liability and loss, but also in terms of your public image.”
Smart Business spoke with Desberg about common threats to corporate telecommunication systems, how to identify them, and how to offset the risk of security breaches.
What are some common threats and how do they affect enterprise communication systems? Users are actually the biggest threats; having things like a voice mail password that is the same as their extension, or birthday, or something guessable creates real problems. Most sophisticated phone systems can redirect calls through voice mail. If someone can guess your password, they now have access to your phone. People have figured out how to dial into an existing phone system, commandeer phone lines and start making international phone calls. That practice is a multimillion- dollar business for people who can create pseudo-calling card services and allow others to call internationally on a corporation’s dime. That happens regularly both on Voice over Internet Protocol (VoIP) phones and traditional phones. It’s referred to as coming through the front door, which means dialing the number, getting into someone’s voice mail, gleaning the four- or six-digit code, reaching an outside line and making phone calls.
What steps can be taken with VoIP to mitigate risk? As technology has progressed, so has security. When done correctly, VoIP becomes more secure than a traditional phone system. It uses security processes that are very similar to those in the world of data; just like servers and accounts can be secured, so can the servers and accounts of phone systems. Front ending any decent VoIP system right out of the box should include a superior-grade firewall.
Get our Free E-Book!
Gain in-depth insights into the importance of keeping your phone system instep with your business’ growth. This free e-book covers how VOIP provides “Scalability” to you phone system, allowing you to adapt to your business’ ever-changing needs easily and cost effectively.
Is front door hacking more prevalent than back door hacking, and is there a difference in the level of threats between the two? Most often, front door hacking is done to make money. Back door hacking is more malicious, designed to wreck or learn more about systems. If you take down a company’s phone system because you’ve hacked the back end, you’re essentially putting it out of business. Conversely, front end hackers don’t want to be recognized. Often a front door hack will go on for a month before a company gets its first phone bill and realizes something is wrong.
How can companies mitigate that risk and secure their systems? It’s important to diligently monitor call logs. VoIP systems have a lot of data associated with them and if it is analyzed via call records it becomes clear when a phone system has been compromised. It then becomes easy to protect because statistical anomalies or changes in normal usage are more apparent. There are flags set up for international calling as well as attempted access to phone systems from international IP addresses. To thwart back door hacking, companies can use intrusion detection, firewall and access list, as well as the ability to lock access via IP address.
How can business owners make sure their system is secure? Address it upfront with the provider and make sure that they have operations in place that allow for security, then identify protocol for dealing with a security breach. The rest is all the simple stuff. Don’t let anyone use their extension as their password for their voice mail box and make sure its nothing common. Also, call redirection or a zero-out to an operator can go to any other phone number. If you don’t have need for that ‘press zero’ function, take it out. Finally, be careful what you download from the Internet.