Phone systems get hacked too!
Unsurprisingly when most business people hear the words cyber attack they think of computers. Global virus and ransomware attacks have become more commonplace and are a constant threat. It’s important to consider the ramifications if this happened to your business and put plans in place to mitigate risks as far as possible. The Cyber Essentials Scheme, backed by the Government, is one approach you might like to consider as a starting point.
However, whilst attacks on systems through your computer network are a key risk you should also consider threats to your business through phone systems. Security of any telephone or computer system is a balance between ease of use and protection. Typically, the easier to access and use, the less secure a phone system could be. If you have failed to update your systems and/or have inadequate security protection and policies you could be vulnerable to attacks, leading to significant financial loss.
Types of phone system threats
Unfortunately, unlike company data networks, which are protected by firewalls, phone systems are often left unguarded. As a result phone system hacking, phreaking and phishing are constantly in the news.
Hacking is gaining unauthorised access to data stored on your phone systems. Hackers can listen in on calls and steal sensitive information about your business and your customers.
Phreaking is the practice of hacking into phone systems particularly with the intention of making free calls, often using robocalling and auto-dialing software. It can also be described as toll fraud when calls are made to long distance or premium rate numbers to generate extensive income for criminal activity. Typically this activity takes place whilst your offices are shut, overnight, during the weekend or holiday periods. In severe cases this can rack up thousands of pounds in call charges. Protection costs a lot less than the calls a phreaker will make in a few hours.
Finally, phishing is the use of fraudulent phone calls to trick staff into revealing important information about your company or to obtain money. For example, Caller ID isn’t always a reliable way to verify the person calling you. Attackers can use fake caller IDs to fool staff into revealing important information. Ensuring staff are aware of these types of practices will help them become more vigilant.
Here are some useful measures to bolster your security and help prevent criminal activity:
Understand your estate
This includes any legacy operating systems that your business is running and which security systems you have in place for protection. Think carefully about their vulnerability and consider, for example, whether you should upgrade to a cloud based phone system.
Understand your network connectivity. Which servers connect to which? If your business has a VoIP phone system then it is reliant on an internet connection and could need further protection. VoIP phone systems are susceptible to the same kind of attack as your internet connection and emails.
Almost every business also has some business mobiles. Smartphones are vulnerable to the same virus, spyware and phishing threats as your computer. There are also some unique risks that can affect mobile devices. Installing antivirus software on your phones can help protect against certain risks.
Document your exposure and put plans in place to mitigate risks
Document in an easy-to-access plan exactly which cyber defences you have in place and where your areas of risk/exposure are, and then do something about that exposure.
Regularly check call logs and history. You can also set alerts if you go over a certain limit so that you’ll be notified of unauthorised use sooner rather than later.
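As an added example (not from the original article or from any phone system vendor), the short Python script below shows what checking call logs and setting a spend alert can look like in practice: it flags calls to premium rate or international numbers made while the office is shut, and raises an alert when an extension goes over a daily limit. The call log layout, the sample rows, the office hours, the prefixes and the £25 limit are all assumptions made up for illustration.

```python
import csv
import io
from datetime import datetime

# Constructed sample call log; real exports differ by provider.
SAMPLE_CDR = """extension,start,dialled,cost_gbp
201,2024-03-04 10:15:00,01614960123,0.12
201,2024-03-04 14:02:00,09098790123,1.50
305,2024-03-09 02:11:00,09098790123,18.00
305,2024-03-09 02:19:00,09098790123,22.50
305,2024-03-09 02:31:00,0012025550123,35.00
118,2024-03-09 03:05:00,01614960123,0.10
"""

# Assumed policy values; set them to match your own business.
OPEN_HOUR, CLOSE_HOUR = 8, 18      # staffed Monday to Friday, 08:00-18:00
RISKY_PREFIXES = ("09", "00")      # UK premium rate and international dialling
DAILY_LIMIT_GBP = 25.00            # spend alert per extension per day


def is_out_of_hours(ts):
    """True at weekends and outside the staffed hours on weekdays."""
    return ts.weekday() >= 5 or not (OPEN_HOUR <= ts.hour < CLOSE_HOUR)


def review_calls(cdr_text, daily_limit=DAILY_LIMIT_GBP):
    """Return alert tuples for risky out-of-hours calls and spend over the limit."""
    alerts = []
    spend = {}  # (extension, date) -> running cost for that day
    for row in csv.DictReader(io.StringIO(cdr_text)):
        ts = datetime.strptime(row["start"], "%Y-%m-%d %H:%M:%S")
        ext, number, cost = row["extension"], row["dialled"], float(row["cost_gbp"])
        if number.startswith(RISKY_PREFIXES) and is_out_of_hours(ts):
            alerts.append(("out_of_hours_risky_call", ext, row["start"], number))
        key = (ext, ts.date())
        before = spend.get(key, 0.0)
        spend[key] = before + cost
        # Alert once, on the call that takes the extension over its limit.
        if before <= daily_limit < spend[key]:
            alerts.append(("daily_limit_exceeded", ext, str(ts.date()), round(spend[key], 2)))
    return alerts


if __name__ == "__main__":
    for alert in review_calls(SAMPLE_CDR):
        print(alert)
```

Holiday closures are not modelled here; add those dates to the out-of-hours check if your offices shut for them.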
Be wary of downloading apps
Only download them from dedicated app stores which include iTunes, Amazon and the Android Market. Have a strong password and use encryption. Ensure you are running the latest version of the operating system.
Phone system password protection
Devices and services can often easily be hacked due to poor passwords. Research has shown that the most common PINs are “1234” and “0000”. Avoid using personal information such as your date of birth too, as this can be known or easy to guess.
Of course, simple measures in this respect are to choose stronger passwords and ensure they are changed regularly. Make your voicemail PIN longer, as most systems will accept eight-digit numbers and some as many as 15.
On a lot of phone systems, the PIN is only there for remote access to your voicemail. If you do not need the feature, then do not have a PIN, or at least have a very long one. Please note you will need to check Hunt Group voicemail as well, to see if it has a similar PIN or callback access feature.
Password managers like Lastpass, Keeper, Dashlane and Bitwarden can be useful tools for generating and managing passwords from both a personal and business perspective.
Consider number barring
If you do not need to dial premium rate numbers e.g. 0906xxx etc., ask your phone system provider if it is possible to bar these numbers so the phone system cannot dial them.
Staff training and access
Making your staff aware of these criminal activities and ensuring they understand processes and practices for mitigating the risks is also key. Ensure the right staff have the right access to the right systems.
Choose a reliable phone system partner
A secure phone system is best provided by a reliable phone system provider. With iCS you can rest assured that we have both the experience and the expertise to help you reduce any potential risks or threats.
Get in touch for further support
Depending on your system, use the guides below for hints and tips on setting up your system and password protection.
Contact iCS on 0800 9 77 88 99 or email us to discuss your specific requirements further.