While businesses go to great lengths to protect their IT infrastructure against cyber criminals, there is one vital aspect of business security that is so often overlooked – effectively securing your telephone system.
Telephone fraud is not the most commonly known form of attack, and you’d be forgiven for thinking it’s not something that happens often in the UK.
In actual fact, phone fraud - or toll fraud - is on the rise, with the UK one of the top five most targeted countries in the world and an estimated 84% of UK businesses at risk of an attack.
Toll fraud can have the same detrimental effects on a business as cyber attacks, including reputational damage and financial losses. Therefore, taking measures to protect your phone system is vital.
What is toll fraud?
Toll fraud typically occurs when a hacker uses an IP scanner to search the internet and identify public-facing phone systems. They then use brute-force attacks or even default vendor passwords (such as admin/admin) to gain access.
Once in, hackers will set up diverts and calls to expensive international destinations and take a slice of the revenue generated from these calls.
In most cases, this goes undetected and businesses only find out that it’s happened when they receive their next phone bill. By then it’s too late and hackers have potentially run up tens of thousands of pounds in fraudulent calls. And guess who’s liable for covering the costs of such bills – you are.
Hackers can gain access to your network in seconds whether you have an analogue, digital or IP-based phone system. However, it’s important to remember that SIP trunking exposes your phone system to IP-level threats, which means you need to think about protecting yourself against this kind of attack.
Ensure your IP phone network is secure with these top tips…
7 ways to prevent SIP trunk fraud
- Set spending alerts: Contact your SIP trunking provider to set a spend threshold that will generate alerts once the limit has been reached.
- Create complex passwords: Change all your phone system’s default passwords to unique, secure passwords. Use a minimum 10-character mixed case password with a combination of letters, symbols and numbers. You should change default usernames where possible too. Also remember to change your passwords regularly, including voicemail mailbox, extension and remote access passwords.
- Have a call barring plan: Where possible, bar outgoing international or premium rate numbers. And bar outgoing calls outside of office hours – bank holidays, weekends and other out of office hours are prime times for hackers to try and access your phone systems. Also, block any suspicious incoming phone numbers to stop callers from gaining access to your information.
- Disable unused features: If you don’t use certain features, such as conference calling facilities, disable them. At the very least, disable them for the extensions that do not make these types of calls. If they are needed, consider setting destination restrictions, so only certain destinations can be dialed.
- Review phone logs and statements: Regularly checking call traffic to and from your business will make it easier to pick up any anomalies that could be fraudulent. Checking your bills thoroughly will also alert you to any suspicious activity. Node4’s hosted collaboration customers can use our Call Reporting and Analytics service to analyse and report on call traffic.
- Set up a firewall: A firewall or session border controller (SBC) will prevent your phone system from being exposed directly to the internet, keeping it private and secure. This applies to management ports as well as SIP ports.
- Use a SIP trunking provider who prioritises your security: Here at Node4, our ISO 27001 certification ensures that we meet stringent control requirements for our SIP platform to offer our customers the highest possible level of quality and security. We are also members of the Internet Telephony Service Providers Association (ITSPA), which provides further information and recommendations on deploying IT telephony.
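As an illustration of the spending-alert, call-barring and log-review tips above, here is a short added example (not Node4's code or any phone system's own tooling) that scans call records for high-cost calls made out of hours and for the moment cumulative spend passes a limit. The record layout, UK dialling prefixes, office hours, bank-holiday date and spend limit are all assumptions to adapt to your own system.

```python
from datetime import datetime, date

# Assumed values, not from the article: adjust prefixes, hours, holidays
# and the spend limit to match your own dial plan and provider.
HIGH_COST_PREFIXES = ("00", "+", "09")   # international and UK premium rate
OFFICE_START, OFFICE_END = 8, 18         # 08:00-17:59, Monday to Friday
BANK_HOLIDAYS = {date(2024, 5, 6)}
SPEND_LIMIT_GBP = 50.00

# Constructed sample records: (start time, extension, dialled number, cost in GBP)
SAMPLE_CDRS = [
    ("2024-05-03 10:15", "201", "01150000001", 0.12),
    ("2024-05-03 14:40", "203", "0033100000000", 1.80),
    ("2024-05-04 02:11", "207", "0025200000001", 18.40),
    ("2024-05-04 02:19", "207", "0025200000002", 22.75),
    ("2024-05-04 02:31", "207", "09000000000", 15.10),
    ("2024-05-06 11:05", "201", "01150000002", 0.20),
    ("2024-05-06 11:30", "207", "0025200000003", 9.90),
]

def is_high_cost(number):
    """True for international or premium-rate destinations, judged by prefix."""
    n = number.replace(" ", "")
    if n.startswith(("+44", "0044")):    # UK number written in international form
        n = "0" + n.lstrip("+0")[2:]
    return n.startswith(HIGH_COST_PREFIXES)

def is_out_of_hours(ts):
    """True at weekends, on bank holidays and outside office hours."""
    return (ts.weekday() >= 5 or ts.date() in BANK_HOLIDAYS
            or not OFFICE_START <= ts.hour < OFFICE_END)

def review(cdrs, spend_limit=SPEND_LIMIT_GBP):
    """Return (suspicious calls, time at which total spend first passed the limit)."""
    alerts, total, breached_at = [], 0.0, None
    for start, ext, number, cost in sorted(cdrs):
        ts = datetime.strptime(start, "%Y-%m-%d %H:%M")
        total += cost
        if is_high_cost(number) and is_out_of_hours(ts):
            alerts.append((start, ext, number))
        if breached_at is None and total > spend_limit:
            breached_at = start
    return alerts, breached_at

if __name__ == "__main__":
    suspicious, breached = review(SAMPLE_CDRS)
    for call in suspicious:
        print("review:", *call)
    print("spend limit passed at:", breached)
```

Run against a daily export of call records, the same checks surface a compromised extension well before the next bill arrives.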