More and more, Cogent’s customers are telling us security issues are what’s keeping them up at night. Whether it’s malware, ransomware or loss of their IP, security is rapidly becoming our number one concern. It’s clear to Cogent that New Zealand businesses are not immune.
When it comes to business voice and communication systems, there are lots of reasons for concern – denial of service (DoS) attacks, eavesdropping, VoIP phishing (Vishing), and toll fraud. Here are some of Cogent’s suggested actions you can take to prevent these things happening to you and your business:
1. Change passwords often
It seems obvious, but not many of us do it. Never use the default passwords for voice mailboxes, system administration, conference bridges, etc., and avoid passwords that are obvious or easy to guess, such as 1234. Enforce a policy of changing passwords on a regular basis. When someone leaves the company, delete their mailboxes immediately, and block or delete all inactive mailboxes. Cogent can perform this work as part of regular security in your support agreement, through regular check-ups or onsite support.
2. Restrict user access
Review what sort of access your users have – it may be that many don’t need to access toll calling overseas in the first place. Decide if users are allowed to forward calls off premises or to cell phones. Similarly, decide if you need an incoming trunk to access an outgoing trunk, and identify how to control it. Connect with Cogent to get user access restricted.
3. Regular health checks
Do a regular health check to monitor and analyze your systems. Work with your vendor or an outside consultant and go through a yearly audit to see if anything’s been changed that might impact you.
4. Regularly check your voice mail and automated attendant systems
This is the most vulnerable area: hackers who compromise it can gain the ability to make external calls. Consider disabling the ability to make external calls from the automated attendant system. A misconfigured auto attendant can be an easy target for hackers, so it’s important to check the system and its security parameters frequently to make sure it’s working correctly. Determine whether your voice mail systems should be allowed to dial out of the voice system itself or dial international numbers, as this is where most problems occur.
5. Monitor calling patterns
Check your voicemail reports and 0800 number usage, monitor valid and invalid calling attempts, and look for unexplained 0900 number calls and chat lines. Also be on the lookout for changes in call patterns, such as a sudden increase in wrong number calls, silent hang ups, higher abandon rates, and an unusual amount of night/weekend/holiday traffic – if you get lots of calls on Friday at 2 AM, there’s probably something going on.
Cogent can provide the software to monitor your calls in real time.
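The call-pattern checks above can also be run over call detail records (CDRs) exported from the phone system. The script below is an added example, not Cogent's or any vendor's software; the CSV column layout, the extension numbers, the business-hours window and the alert threshold are assumptions, and the sample records are constructed.

```python
import csv
import io
from collections import Counter
from datetime import datetime

# Constructed sample CDR export; the column layout is an assumption.
SAMPLE_CDR = """start,extension,dialed,duration_s,answered
2024-03-01 10:15:00,201,095551234,180,1
2024-03-01 02:03:10,9000,0044201234567,600,1
2024-03-01 02:04:55,9000,0061291234567,900,1
2024-03-01 02:07:30,9000,0044201234568,0,0
2024-03-02 14:20:00,305,0900555000,240,1
2024-03-04 09:30:00,201,0800123456,60,1
"""

BUSINESS_DAYS = range(0, 5)    # Monday to Friday (assumed working week)
BUSINESS_HOURS = range(7, 19)  # 07:00 to 18:59 (assumed working hours)

def flag_call(row):
    """Return the reasons a single call record deserves a second look."""
    reasons = []
    start = datetime.strptime(row["start"], "%Y-%m-%d %H:%M:%S")
    if start.weekday() not in BUSINESS_DAYS or start.hour not in BUSINESS_HOURS:
        reasons.append("off-hours")
    if row["dialed"].startswith("0900"):
        reasons.append("premium-rate")
    elif row["dialed"].startswith("00"):   # NZ international access prefix
        reasons.append("international")
    if row["answered"] == "0":
        reasons.append("failed-attempt")
    return reasons

def review(cdr_text, threshold=2):
    """Flag individual calls and list extensions with repeated off-hours toll calls."""
    flagged, off_hours_toll = [], Counter()
    for row in csv.DictReader(io.StringIO(cdr_text)):
        reasons = flag_call(row)
        if reasons:
            flagged.append((row["start"], row["extension"], row["dialed"], reasons))
        if "off-hours" in reasons and {"international", "premium-rate"} & set(reasons):
            off_hours_toll[row["extension"]] += 1
    suspects = sorted(ext for ext, n in off_hours_toll.items() if n >= threshold)
    return flagged, suspects

if __name__ == "__main__":
    calls, suspects = review(SAMPLE_CDR)
    for call in calls:
        print(call)
    print("Extensions to investigate:", suspects)
```

In the sample, the constructed extension 9000 stands in for a voice mail port: three international calls at 2 AM on a Friday put it on the investigation list, while a single weekend 0900 call from extension 305 is flagged but stays below the threshold.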
6. Stay current
It’s important to have the latest security release. Make sure your phone and voicemail systems are up-to-date and that all current patches have been installed. If you’ve got a service agreement with Cogent, we’ll keep your system up to date on the latest version.
7. Upgrade to a newer system
…that has increased security precautions built in. Older systems are much more vulnerable to being hacked, while newer systems and services were developed with security in mind. For example, Mitel’s newer systems and services use 6-digit passwords for voice mail rather than the traditional 4-digit passwords, and will be increasing this to 8 digits in a new release. Mitel’s latest systems also include mailbox lockout by default for new installations, which essentially locks out a user from the system if they enter an incorrect password more than three times.
8. Training and Education
In addition to training your technicians on how to avoid toll fraud, it’s important to also educate your end users about what toll fraud is and how to prevent it. Cogent can provide toll fraud workshops for its partners, as well as knowledge-based articles and tools for customers, to help educate users and partners about avoiding toll fraud and ensuring security.