Staying Secure with Cloud Phone Systems
It’s fair to say that at the beginning of the first lockdown, the need for suitable IT and phone systems for remote working was of paramount importance.
Unfortunately, due to the speed at which lockdown was implemented, this caught many companies unawares. One study discovered that many systems did not have proper security controls in place, leaving the door open for hackers to exploit any weaknesses.
Here are three signs that your phone system has been hacked:
A sudden increase in phone bills
If you suddenly notice your phone bills going up significantly without any corresponding change in the calls you’ve been making, you’ve most likely been hacked.
While this might not look like a big deal, it is: there have been cases in which companies racked up as much as 34 years worth of phone bills in a weekend due to being hacked.
Unknown numbers in call history
Performing regular audits of your call history is one of the main ways to quickly discover if you’ve been compromised: if you begin to notice calls to strange numbers, particularly internationally, you should pay careful attention. If these strange calls become more frequent, you’ve most likely been hacked.
A significant increase in the number of weekend and off-hour calls
You know you rarely use your phone system on weekends or during off-hours but all of a sudden start seeing signs of calls being made on your phone system around that time. There’s only one explanation: you’ve been hacked.
Insecure systems lead to more phishing attacks, exacerbated by workers using their personal devices for work purposes, and their work devices for personal use. In the US, nearly half of remote workers had been targeted by phishing emails with malicious links, texts or calls, and it was a similar picture around the world.
What are the additional cybersecurity risks for mobile working?
The problem with mobile devices is that they’re mobile. This means you’ll take them to public places where they’re not only more vulnerable to theft or loss but also open to being overlooked. If sensitive information is on the screen, it could be seen by anyone else who happens to be in the vicinity. And if a staff member is in a public place and steps away without securing their device, then they’re leaving it vulnerable to tampering.
Installing secure systems
With many companies choosing to work and store data on cloud-based business solutions, there is a need for secure and reliable connectivity. By installing high-quality communication solutions that are suitable for your operations, you will not only be getting systems that are fit for purpose and that will save your company money, you’ll also be installing secure systems.
The use of VoIP phone systems has surged due to COVID-19: several internet service providers have reported an increase in VoIP usage of between 44 to 88 per cent.
The bad news, however, is that attempts to hack VoIP phone systems have increased as well: data from RedShift Network shows that enterprise customers experience at least 40,000 different VoIP/SIP attacks on any given day.
If you don’t have strong VoIP security, your IP telephony system might be compromised.
Protecting your VoIP phone system
You can secure your VoIP system by:
- Enabling your VoIP’s anti-hacking feature (3CX has a built-in anti-hacking feature).
- Fraud Monitoring – Flip Connect includes Call Activity Monitoring, Geographic Blocking, Call Cost Caps with all 3CX hosted packages.
- Use strong and secure passwords for both your IP phones and administrative interface.
- Use a firewall to restrict traffic from non-trusted networks.
- Harden the operating system to prevent unnecessary services.
- Upgrade OS and VoIP phone firmware regularly (3CX’s makes this easy with its firmware upgrade feature).
How to ensure your data is secure
The National Cyber Security Centre (NCSC) supports UK companies with all aspects of cybersecurity and issues practical guidance that will help keep your systems safe. Over the past few months, the NCSC has updated its advice to include security for home and mobile working. It has also developed a free toolkit - Exercise in a Box - that helps businesses test their cybersecurity through role-playing exercises. NCSC has produced a number of these toolkits, but the latest concentrates on situations that may arise as a result of home and remote working.
Other security controls must be put in place to protect your system from the risks of mobile and remote working, including staff training and education. Your staff need to understand what their responsibilities are in this respect. And you must also have procedures in place for reporting breaches and issues.