Safeguard your cloud phone system from hackers
The move from analogue or on-premise phone systems to hosted or cloud calling has been one of the most successful mass adoption curves in telecoms in the past 10 years. Cloud calling has transformed and reinvented itself dramatically over the past decade to what it is today with a range of various platforms and service providers to choose from. However, it’s sensible to understand the risks associated with that move and how to prevent them.
The benefits of moving to VoIP are well documented, but one risk of the technology is security. If we travel back in time, you likely had a PBX in a cupboard somewhere in the office, your IT manager or local IT firm managed it for you and it was connected to a physical phone line or ISDN. The system could still be “hacked” but it was behind a firewall and all your handsets were sat in the office, safe and sound.
One of the main advantages of cloud calling is it moves your PBX into the cloud allowing you to leave the office and still make business calls. You can be in London one day making calls and in Aberdeen the next with an identical experience. This flexibility to move location and make calls on your handset, mobile or laptop is exactly what’s needed in today’s hybrid working world, however it means that your hosted VoIP service can be at risk of being hacked. All your devices are now connected to your cloud PBX on the internet making and receiving calls, so it’s really important you understand how to secure your cloud phone system.
How can my cloud phone system get hacked?
You may ask, “Why do people want to hack or access my PBX?”
It’s a good question and the main reason is for profit. Your cloud PBX has the ability to dial hundreds of numbers at once which gives a hacker the ability to ring numbers that generate revenue, multiple times in fast succession. There are ranges of international and premium-rated numbers where the number’s owner receives revenue every time someone calls it. All the hacker needs to do is access one of these numbers, hosted abroad; they can dial into the number and make themselves hundreds, thousands or even tens of thousands of pounds in pure profit.
“But how can I stop this from happening to my business?”, you ask. Let’s go through our top tips to protect yourself from this risk.
Cloud-based phone systems allow you to dial from anywhere and pretty much any device. This is its a major strength. But it’s also its biggest risk; luckily it can be managed easily. Firstly, your cloud phone system login, often called “SIP login” is probably as important as your bank password – so keep it secure and make sure your vendor hasn’t given you something that is easy to guess … I have seen people with “SIPpassword” as their password!
The reason this is so important is because if a hacker gets your username and password, they’ll have full access to your system. They can be sitting on a beach, somewhere else in the world, dialling premium-rated numbers and when you wake in the morning you would have a very large bill.
Losing your roaming devices like your handsets, mobiles, tablets and laptops can also be a major risk, but your routers, theoretically safe in your offices, also need to be considered. Ensure that all your devices are not logged in using factory default passwords. Hardware vendors will ship a phone with a default username and password, for example ‘admin’ and ‘admin’ as a favourite to make setting up the handset easy. This means if a hacker gets onto your network, they can access the phone easily, start dialling and you’ll again end up with a very large bill in a matter of hours.
So it’s important to look through your entire hardware estate and ensure that all have unique passwords, ideally per device or if it’s a shared password make sure that it’s secure with random letters, numbers and special characters.
As cloud calling has reached mass adoption, we’ve seen the market fill with providers. To many of them it’s an extra service to their portfolio or not really their core focus. This means they are unlikely to understand the risks to them or you. It’s important your Cloud Telephony provider understands the risks to make sure you’re both protected. This includes providing a secure platform with fraud monitoring, along with automated spending caps or limits on your account – this way, if the worst happens and a hacker does access your system the damage is limited. If your provider can’t show you how they can protect you from fraud, it may be best to walk away.
As mentioned above, one of the simplest ways to protect your cloud phone system from fraud is to set a sensible spend limit to your account, meaning that if your system and account is compromised, the impact to your business is minimal.
Regardless of the risk, cloud calling is the best way to make and receive calls nowadays, so if you’re still holding onto your on-premise PBX it’s definitely time to consider changing over to a cloud phone system; but make yourself aware of the risks, secure your system and devices and partner with a provider who understands these risks and builds protection in as standard.
Windsor Telecom is always here to advise and help with the move to Cloud Telephony or help you assess whether your system is secure enough for the modern world.