VoIP reliability and availability empowers workers through mobile and remote features. These features include; the ability to use mobile device apps, connect with coworkers by extension dialing no matter where they are. The ability to use your office phone anywhere you have an internet connection, forward your office calls to your cell phone or listen to voice mail over e-mail. With the capabilities VoIP provides, there are some potential security issues. Next Advisor put together a list of 5 VoIP threats and how to protect your nonprofit against them. Read on for all the details.
Spam over Internet Telephony
Known by the acronym SPIT, it's similar to spam email in many ways. Both involve unsolicited messages, often generated automatically, that waste your time and annoy you. However, SPIT is underestimated as a threat to VoIP security. That’s because some SPIT calls try to scam you out of personal or financial information, and SPIT is harder to detect than spam email because you can’t know the content of the call until you pick up the phone, while spam emails are easier to spot because they have a subject line. Tech Impact's hosted VoIP phone services includes a robocall blocking features that keeps random automated calls from reaching your phone.
Problem: When you make a VoIP call, data flows from your device to your ISP, then to your VoIP provider, and finally to the person or people you’re calling. If that call data is unencrypted, then someone could potentially eavesdrop on your conversation at any of those points. Private information you mention over your VoIP could be used to steal your identity or socially engineer a family member to give out more of your personal data. While it is true that analog telephones are also unencrypted, VoIP phones are easier for cybercriminals to tap because the data flow is less centralized compared to the traditional telephone system.
Solution: The simplest solution is to find a VoIP service that provides encryption for your calls. Several business VoIP services, such as Vonage Business and Jive, offer encryption by routing calls directly through their cloud servers. Alternatively, you could set up a virtual private network (VPN) compatible with VoIP. VoIP VPNs create an encrypted private network between you and the people you’re calling, establishing a direct line of communication that is difficult to intercept. The cost of a VPN’s security, though, is paid in increased bandwidth usage. If you have dial-up or satellite Internet with a connection speed of only 1 or 2 Mbps, adding a VPN to your network may greatly degrade the quality of your VoIP calls. That said, those with high-speed Internet connections will likely not see a change in their call quality.
Problem: One big benefit of VoIP is that it lets you access your number and voicemail from anywhere using a computer or mobile device. However, that also makes your phone service vulnerable to hackers. For example, a hacker on the other side of the world could break into your account to steal your information or gain control of your VoIP system. Since VoIP is connected to the Internet, hackers can attack in a lot of different ways, and if you want to be safe, you have to make sure you cover all of them.
Solution: No VoIP provider can completely protect you from hackers. The best way to minimize the chances of someone hacking you is to practice good computer safety and cybersecurity habits. Change all of your passwords and PINs away from their default options, and make sure the new passwords you use are strong. If you have a Wi-Fi network, protect it with Wi-Fi Protected Access (WPA) protocol, and set a strong password on it as well. For every computer and device on the same network as your VoIP, you need to keep all software updated, regularly scan for viruses and use caution when downloading programs or clicking links, as a single compromised system can quickly infect an entire network. When you’re traveling, be wary of using free Wi-Fi hotspots to make VoIP calls, as hackers can easily lurk on those networks. If they spot your VoIP traffic, they could listen in on your call or inject malware into your device.
Problem: VoIP hardware, such as analog telephone adapters (ATAs) and IP Phones, can ship with security vulnerabilities that the manufacturer isn’t aware of until later. For instance, in 2015, IT hardware company Cisco found a security exploit in its SPA300 and SPA500 Series IP phones that let attackers remotely eavesdrop on VoIP conversations. These exploits may require firmware updates to fix, but in order to apply those updates, you have to be aware the problem exists in the first place.
Solution: This VoIP security issue is easy to fix. Periodically check to see if the manufacturer of the VoIP hardware you use has posted any security advisories. If they have, patch (or update) your hardware as soon as possible.
Problem: Distributed denial of service (DDoS) attacks are becoming a more common threat, increasing in frequency every year. Most people don’t have to worry about being targeted by a DDoS attack, but if you run an online business or do anything that places you in the public eye (such as blogging or streaming), your chances of becoming a victim increase. A DDoS attack against your IP address will overwhelm your Internet service and temporarily disrupt your VoIP system.
Solution: For home VoIP users, a VPN is the best way to protect yourself from DDoS attacks. In addition to encrypting your Internet traffic, VPNs mask your true IP address, preventing attackers from sending their flood of worthless data to the right location. VPNs can help business users as well, but if you think your business is large enough to be a high-profile target, you may want to invest in dedicated DDoS safeguards. Companies like Cloudflare and Arbor Networks specialize in mitigating DDoS attacks, and they may be helpful for your business because they redirect excessive traffic to their own servers and absorb the blow while your VoIP stays online.
While all of these security threats may seem like a lot to worry about, once you get your defenses set up, you can rest easy knowing your calls are protected. All it takes to keep your VoIP secure is a little care, knowledge and the right tools. If you’re looking for a VoIP provider and security is your primary concern, read our VoIP reviews to see which service is right for you. Also, for more tips on how to get the most out of your VoIP, keep an eye on our VoIP blog.
5 VoIP Security Threats and How to Safeguard Against Them