As the excitement for the Olympic Games starts to build, many companies will be turning their minds to the impact this great event will have on their businesses and workforce, especially those in London. While there will be considerable effort to keep the city moving for commuters there is no doubt that the daily journey to and from work will be affected as will business meetings.
Last year the British Government started urging businesses in the capital to look at remote working in preparation for the Olympics. Ministers asked them to look at ways of encouraging their workforce to use different modes of transport into work (on bike or foot), or to stay at home, avoiding delays and thus the impact on a productive working day.
To achieve this many will utilise the wonders of cloud computing with access to remote files and ability to share information with colleagues. One would imagine that many IT departments have already set up safe and secure private clouds and connections to protect company data and information that is being accessed remotely.
And many will take this a step further by setting up VoIP communications to enable staff to participate in telephone calls and video conferencing at a much reduced cost. However, in what is anticipated to be a last minute rush to free up resources and increase efficiencies many businesses will overlook the fact that VoIP security is just important as data security and fail to implement the appropriate safeguards. This risk is exacerbated by the fact that there are still some system integrators and even VoIP service providers that have not yet grasped its importance.
It is likely that criminals will take advantage of this exceptionally busy time to carry out a number of organized attacks on businesses. Poorly protected VoIP systems are especially vulnerable. There are a variety of tools that can be downloaded and/or purchased in Europe to attack VoIP networks as well as cellular networks and they are relatively cheap and easy to use for the motivated criminal.
The risks range from hacking of both IP and GSM networks to eavesdrop crucial business conversations, (despite the various operator’s assurances cellular networks are demonstrably vulnerable), through running tools such as SIP Vicious that scans the Internet and locates unsecured IP phone systems. These systems are then targeted with call fraud attacks. Call fraud attacks are a growing problem with some attackers running premium rate frauds which can cost the victim thousands or pounds.
These frauds operate by setting up a premium rate number in a country with a poorly regulated telecoms service, then forcing a compromised VoIP system to make multiple calls to that number and pocketing the profit. Call frauds are often not noticed until the businesses are presented with a substantial communications bill at the end of the month.
While these risks are real, good security practice can manage the risks and deliver the benefits or VoIP technology.
First of all secure your VoIP communications. No one would think of running data applications over an IP network without adequate security, VoIP needs at least the same level of security. The single most effective security measure is to employ a specialist SIP security gateway rather than relying on a standard data firewall. The security threats facing VoIP are application and protocol specific and need targeted countermeasures.
A general purpose firewall will not offer adequate protection against these threats, and worse, attempting to force VoIP through a Firewall can compromise data security. A good VoIP security gateway can protect VoIP services from IP level security threats and offer call fraud protection. In addition, when used with a suitable VoIP app the same security gateway can provide a low cost but effective call encryption service for mobile phones.
Secondly, ensure that your VoIP system integrator or service provider is aware of the security issues facing VoIP and offers realistic advice on how to counter the threats. Too many providers and integrators gloss over the problem or claim that they use dedicated links for SIP trunk services to avoid external attacks. This common response overlooks the fact that much of the benefit of VoIP is the flexibility it offers for remote and mobile working.
Security requires some investment, but compared with the benefits that VoIP can deliver, the investment is modest and affordable. A well designed VoIP Security product not only protects you from the risks of call fraud but also enables remote working and turns a mobile phone into a secure communications device.
You may be reading this and wondering why you haven’t heard about this before and, as such, should you really be taking it all that seriously? Like many security breaches VoIP security awareness is in its infancy and not many organisations want to hold their hands up to being attacked and sharing the costly ramifications with everyone. You can ignore the problem but are you willing to take the risk of leaving your business open to not only the loss of critical data and information but also the financial impact that such an attack could have?