Most businesses around the world have decided to shift to VoIP (Voice over Internet Protocol) technology from their traditional landline services. Not only that VoIP saves them money from exorbitant call charges, but it also opens up to a massive plethora of features and adds on that they can enjoy.
But there’s a problem. Since VoIP communication uses your internal network and the internet, it is still hackable.
Several sources have reported that hackers are after business data that may include financial information of your company or your customers. Hacking into voice calls and voice mail is also a profitable enterprise. Credit card numbers and other
New York Times reported an incident where an architecture firm, with only seven employees, ran up a $166,000 phone bill in a single weekend.
“Hackers sign up to lease premium-rate phone numbers, often used for sexual-chat or psychic lines, from one of the dozens of web-based services that charge dialers over $1 a minute and give the lessee a cut. In the United States, premium-rate numbers are easily identified by 1-900 prefixes, and callers are informed they will be charged higher rates. But elsewhere, like in Latvia and Estonia, they can be trickier to spot. The payout to the lessees can be as high as 24 cents for every minute spent on the phone,” NY Times reported.
“Hackers then break into a business’s phone system and make calls through it to their premium number, typically over a weekend, when nobody is there to notice. With high-speed computers, they can make hundreds of calls simultaneously, forwarding as many as 220 minutes’ worths of phone calls a minute to the pay line. The hacker gets a cut of the charges, typically delivered through a Western Union, MoneyGram or wire transfer,” they added.
But, VoIP hacking is preventable and mitigable. Let’s explore how can a business protect itself from VoIP hacking and what to do when an attack is happening.
HERE’S WHAT TO DO TO PREVENT VOIP HACKING:
- Check the configuration religiously of your network and make sure protections are in place. These can include firewalls and intrusion prevention systems.
- Have a strong two-factor authentication for administrative access to your network.
- Always update network systems.
- Separate your voice and data systems.
- Establish a Session Initiation Protocol (SIP) to encrypt the signal as it travels through your network gateway.
- Control access by requiring secure authentication by everyone using the network.
- Encrypt voice conversations that may contain financial or personal information.
- Limit what kinds of calls are allowed on the network (by device, by user, and by other restrictions — such as time of day)
HERE’S WHAT TO DO IN CASE OF A HACK:
- Take action immediately. Within the first 24 to 48 hours you need to determine what part of the network was compromised and what information might have been stolen.
- Turn to your VoIP provider to help you determine where the threat resides and how to block that part of the network so it is safe until you can implement a fix that will prevent further breaches.
- Use the response plan you prepared to know which steps to take next. It should include what to tell employees, your board of directors, partners, or investors. If private customer data is breached, you also need to tell your customers, law enforcement, and regulators. If your business is in the financial or healthcare sector, other compliance steps may be required.
- Rely on professional help to restore your business operations, whether by restoring data from backups, adjusting firewalls, blocking IP addresses, or reimaging corrupted machines.
- Instruct all users to change every password.
- Understand what went wrong and how to prevent that action or situation from happening in the future.
Now that you have an idea of what VoIP hacks are, what they cost, how to prevent them, and what to do in case of an attack, you have to let your entire organization now about it as well. Awareness of it can help your company avoid unnecessary charges and keep an unblemished reputation. /apr