New legislation like GDPR has seen companies taking information security much more seriously. But often they spend time and money protecting their networks while overlooking VoIP. It’s easy to think of telephones in terms of older analogue systems, but in the era of IP communication they are just as much part of your IT system as your email or databases.
An IP phone is a sophisticated network device and is therefore just as vulnerable to hacking and tampering as a computer or router. This year’s Singapore summit between President Trump and South Korean leader Kim Jong Un was subject to a hacking attack that specifically targeted IP phones.
The risk of this type of attack is not just that the phone could be used to eavesdrop on conversations. Hackers may also target it as a means of being able to make calls using your account or as a back door into your data networks. Although it isn’t currently used as a major attack route, the potential risk presented by IP telephony can’t be ignored.
Securing Your VoIP
If you are taking advantage of the benefits of wholesale voice termination from a supplier such as https://www.idtexpress.com, then you also need to look seriously at how your VoIP traffic is secured.
Cybercriminals are always on the lookout for valuable information, whether it’s credit card details or sensitive commercial information. If you conduct any sort of confidential business over the phone, you need to take steps to protect the traffic. Using VoIP you have the option to encrypt the traffic so that if it’s intercepted it’s meaningless to the attacker. You can do this at the network level, but you may also want to look at protecting the link between, say, a wireless headset and its base station. Many of the latest hardware devices have some level of encryption built in, but this may only be of a fairly basic standard.
Of course, you also need to ensure you have an appropriate firewall and anti-malware protection in place on the network used for your IP phones. And, as with any system, keep your operating systems and IP software up to date with the latest patches. You should also monitor traffic for suspicious or unusual behaviour that can indicate the system has been compromised.