Ensuring that VoIP technologies aren't the weakest security link

Register now

Data security is a top concern for all organizations, but do you know how safe your professional communications are? Not just your emails – email encryption is the first rung on the security ladder – but other aspects such as voice messaging, video conferencing, and Voice over Internet Protocol (VoIP) based file transfers.

As more companies make the shift to VoIP as their primary communication tool, we’re left with some unanswered questions about data security.

If we’re going to understand where the gaps in VoIP communications are, it helps to understand why so many companies are making the switch. In essence, businesses are leaving behind plain old telephone systems (POTS) for VoIP because it’s a multimodal tool enabling video and voice calls as well as file transfers via a single tool, with an unbeatable uptime rating. Moving to VoIP is also part of an overall migration to the cloud, a process that brings with it convenience partnered with security concerns.

Businesses need a strong security-oriented migration strategy for communications, and that means choosing the right VoIP provider and understanding the mechanisms behind this mode of communication. IT professionals should also undertake training to mitigate major VoIP risks such as phreaking, eavesdropping, and DoS attacks.

Selecting For Security

When choosing the right VoIP provider for your business, there are several key factors to account for, including scalability and quality of calling – but there are plenty of companies that can provide those features. Security is a tougher sell.

One way to improve VoIP security, then, is by choosing an on-premise system rather than a hosted one because this ensures your VoIP system is behind business-approved firewalls and increases the available degree of security customization. On the other hand, with an onsite VoIP, if there’s a security breach, everything is right there, vulnerable to hackers.

An alternative to onsite VoIP for security is to choose a business VoIP with long tail organization. Long-tail VoIP offers multi-level security, making it harder for system threats to break through. In comparison, short-tail systems only cover the sure risks – the threats that will absolutely impact your business if you leave your system unprotected. Long-tail covers you for “needle-in-a-haystack” situations and your customers deserve that.

Know Your Enemy

Finally, even if you have a great VoIP provider with high-level security, the only way to fully protect your business data is by understanding who or what you’re up against. With VoIP systems, one of the leading risks is eavesdropping.

Eavesdropping via VoIP is exactly what it sounds like – hackers listen in on voice or video calls or tap into messaging systems to collect information. It’s a common problem because most VoIP systems aren’t encrypted, and that’s something every company should look into correcting. Discuss encryption with potential providers; if you can’t add it yourself or if the provider doesn’t offer it as an option, you run a serious business risk.

Another security issue facing VoIP is internal system exploits. Most VoIP systems run off cell phones or tablets for enhanced mobility and device apps are vulnerable to open ports. What is that? An open port is essentially a data flow point that is unsecured and can be exploited as a security weakness. They can also be used to spoof caller ID and fraudulently collect sensitive information under the cover of a known entity.

Ultimately, it’s the very flexibility that makes VoIP systems so appealing that also makes them vulnerable; businesses that adopt VoIP as a communications standard need to consider implementing additional security practices to keep business data secure. Think of it as similar to a BYOD policy – what you gain in convenience you may lose in security, but professional guidance can help bridge that gap.

For reprint and licensing requests for this article, click here.