08 Aug Telephone Fraud – Is your system secure?
A few years ago, if you had been asked how secure is your phone system you would have most likely checked if it was bolted to the wall or the room it was housed in was locked. Now the question is more about how you can secure or limit the impact of your system being hacked.
Organisations that own their own PBX phone systems, be it ISDN or SIP, are always at risk of having their system hacked and becoming a victim of fraud. This typically occurs where a third party gains unauthorised access to a PBX and uses it to make calls to international premium rate numbers that they make a profit from. In most fraud instances a business will be targeted when it is most vulnerable such as evenings, weekends and public holidays when the majority of offices are closed or have reduced staffing levels.
According to a recent Talk Talk Business survey of 1,000 British businesses, 27% reported being the victim of a PBX hack in the last 5 years. Of the businesses that were hacked, they reported the average cost to their business was £12,126.
So how can you minimise the risk of PBX telephone fraud?
There are steps you can take to reduce the risk of telephone fraud, the specific actions you will need to take depend on the exact make and model of your phone system and how it is set up.
- Set up stronger Voicemail passwords and make sure you change them regularly
- Limit who can make international calls. The same applies to limiting access to premium lines. This will stop the criminals being able to call out from that extension.
- Place a block on out of hours calls or calls during night time or over the weekend.
- Make sure you regularly update your PBX software.
Another option is to implement an IP Voice solution.
In addition to being able to manage calling profiles on a per user basis, an IP Voice solution enables organisations to take advantage of intelligent features like Spend Management. Whilst Spend Management doesn’t prevent fraud, it does monitor spending 24/7 and can prevent calls once certain predefined thresholds are hit, say 80% of agreed spend.
This solution alerts system administrators via SMS and Email and if the increase in traffic is genuine due to an outbound sales campaign or other seasonal demand the threshold can be increased. This feature also allows the system to be disabled once the agreed threshold limit is breached giving you peace of mind that any charges incurred from unauthorised calls are kept to a minimum.
When implementing a VoIP solution we also recommend segmenting your Voice traffic from other network traffic. This can be done by either implementing VLANs or installing a separate connection for voice. Separating the traffic has 2 key benefits, you can prioritise voice traffic ensuring Quality of Service (QoS) additionally if a hacker gains access to your data network it will be very difficult for them to access your VoIP network.