Everyone’s talking about cyber security – so we asked the question ‘how secure is VoIP telephony?’
Every week, it seems, there’s another hack or cyber attack that proves just how hard it can be to secure your data. The biggest of the more recent hacks was the release of a tranche of malware – computer programs that are used to gain access to remote systems or bypass in-built security measures.
The worst part of that particular hack was that the malware is almost certainly the property of the US National Security Agency – which is supposed to be one of the most secure, and up to date agencies in the world.
So if the world leaders in cyber security can’t keep a lid on their own servers, what chance do the rest of us have?
The good news is that because your small business is far less likely to be a target for hackers than the NSA, there are a number of simple tips and tricks to help keep you and your business secure.
But there’s one area of cyber security that people don’t seem to be talking about very much – we’re all concerned with keeping data and passwords and bank accounts safe… but what about if you’re using Voice over Internet Protocol (VoIP) phone systems?
How do VoIP systems work?
The basis of VoIP technology stems from the way the internet itself works. The vast network of computers, servers and routers that drive the internet are more than capable of handling voice calls, in much the same way as the old telephone systems used to do.
The big difference, however, is that the older-style set-ups relied on seriously expensive switchboards, PBX systems and other bits and bobs on the network – which were effective, but were also massively expensive to maintain.
When VoIP technology was introduced, it changed that landscape significantly. Most, if not all, of the maintenance costs virtually disappeared from the small business bottom line. But further innovation in recent months has changed things for the better, all over again.
So there’s a solid business case for making the switch – provided you’re certain of the security of the VoIP product you’re buying into.
So… are they secure?
We spoke to Jon Cleaver, the Chief Commercial Officer for MyNetFone, which owns and operates Australia’s largest VoIP network, and asked him about VoIP security.
“VoIP technology enables you to make and receive calls over the internet, using the network of a VoIP provider, instead of using a traditional telco,” Jon said. “VoIP networks can be highly secure and protected by modern cyber security and threat detection technologies.”
“To ensure you get top-notch security, it is important to choose a credible and established provider and ask them what anti-fraud measures they have in place,” he continued.
There are genuine security threats associated with using VoIP phone systems, but as Jon points out, those risks are pretty much the same as the risks you run simply being online.
“VoIP means that your office phone system is connected to the internet, and like any internet connected device, it can be ‘hacked’ if it is not protected,” Jon explained. “Overall, security will depend upon your provider and your own common sense. ”
“In the first instance, it is always recommended to change default passwords on all internet-connected devices to secure your office network,” he said. “Credible providers will use network security measures: encryption, authentication, authorisation and firewalls. MyNetFone has gone further than most by investing in technology that helps detect threats in real time.”
Real time threat detection is one of the strongest protection methods for networks currently available. By monitoring traffic throughout the network, and actively looking at any unusual activity – such as a spike in traffic, or unusual ports on the server or other equipment being accessed – real time threat detection is broadly similar to employing a full time security guard to catch bad guys in the act, rather than installing a camera system and waiting for a crime to be committed.
“For business, the main threat is ‘toll fraud’ – where hackers take over your office phone system to make calls without your knowledge, often to foreign numbers that they control,” Jon said. “You’ll get a huge bill – and they’ll make easy money. There are cases of companies being left with bills of $100,000 from toll fraud.”
It is relatively easy to protect your VoIP system from that sort of issue – and there are plenty of off-the-shelf security solutions available. However, it can be quite a technical job setting it up properly, and one small mistake could leave your business vulnerable.
“If you choose to DIY phone system security, you’re choosing an endless stream of updates and security patches,” Jon explains. “It can be complex and costly.”
“The best alternative is to choose a ‘hosted’ or ‘cloud’ phone system – such as the MyNetFone Virtual PBX – secured, monitored and maintained by a credible VoIP provider,” Jon says. “Of course, you should still follow common sense security steps like changing default passwords and securing your office network.”
“MyNetFone customers have the assurance of Toll Shield – a technology that uses machine learning to pinpoint toll fraud with greater speed and accuracy,” Jon says. “It’s like a Rottweiler that can tell the difference between a burglar and the postman. This technology was developed in-house and has won several industry awards.”
Steps to safety
Jon went on to explain that there are a number of steps that all small business owners should be taking in order to avoid exposing themselves – or their data – to the bad guys.
Jon says the most important steps SMB owners should take to maximise their online and VoIP security are:
Change default passwords on internet connected devices – Your router is like your front door and the passwords are the keys. Default passwords are widely available online. So protect your network by changing the locks: replace the default password regularly.
Disable remote access – while it’s a convenient way manage routers over the internet, it can also be used by hackers to change settings and steal your VoIP login details. Either disable it, or configure a firewall to restrict access to trusted sources only.
Wireless networks – to stop unknown users jumping on your connection, hide your Service Set Identifier (SSID) and use WPA2 encryption. The SSID is the name that shows up when someone looks for nearby wireless networks. If you hide it, no one will know that it is there. If you don’t want to hide it, then change it to a unique and non-descript name. Meanwhile, the WPA2 encryption is currently the most secure and recommended way of protecting your wireless network.
Network security – Configure and use a Firewall and credible Anti-spyware or Anti-virus software.
As with just about anything to do with the internet, provided you’re taking these sorts of steps, you will most likely never have even a whiff of a problem. As technology changes, and the public demand for bigger and better security around data and networks grows, teams of engineers are working hard to make life as difficult as possible for hackers and cyber criminals.
And there’s even a silver lining to the hackers as well. Recent news has focused on the rise of the so-called ‘white hat’ hackers – ethical computer experts who perform penetration testing on new products to make sure there are no security holes that the bad guys (known as ‘black hat’ hackers) can utilise.
This has itself spawned something of a global industry, as the big players – such as Microsoft, Apple and even Facebook – are offering bounties to people who discover security flaws with their products, and report it to the company.
‘Bug bounties’, as they are known, can mean thousands of dollars for anyone with the time and the technical knowledge of how to find them – which means that even if there’s a security issue with a network or system you use, it’s odds-on that someone will find it, and claim the reward from the company involved.
However, at the end of the day, most data breaches are the result of human error, or poor security protocols inside a business – but if you’re paying attention, follow the steps Jon outlined, or you’re happy to place control over monitoring your system to a trusted service supplier, it’s unlikely that you’ll ever have a problem with a VoIP system at your business.