Why Your Business Should Encrypt Your Voice Lines
VoIP has become a standard communication tool for businesses. Since 2008, when VoIP lines accounted for 80 percent of all new corporate phone line installations, the vast majority of new business phone lines have been VoIP lines. The global enterprise VoIP services market reached $85.9 billion in 2015, and is projected to expand at an annual compound growth rate of 9.5 percent to reach $194.5 billion by 2024. While the emergence of VoIP technology represents tremendous cost savings for small business owners, it also presents a new security challenge to include VoIP security as part of IT security. Unfortunately, many small business owners aren’t taking proactive steps to secure their VoIP lines, leaving themselves open to attacks. Here are some of the risks you take when you don’t encrypt your VoIP lines, and why it’s in your best interest to make sure your VoIP communications are encrypted.
Unencrypted VoIP Lines are Vulnerable to Hacking
When left unprotected, VoIP lines are vulnerable to hackers increasingly targeting these vulnerabilities. In the first quarter of 2015, security provider Nettitude noticed a spike in VoIP attacks, particularly in certain regions. For instance, 67 percent of all attacks directed against Nettitude’s UK clients were VoIP attacks. A large percentage of successful attacks originated in China. Attacks often occurred after business hours, when fewer employees were on-premises to monitor the situation.
Analysis determined that hackers conducted six separate types of attacks. Some attacks were classified as social threats, for purposes such as presenting fraudulent credentials to gain access to company records, creating unauthorized bills or even extortion. Other attacks were carried out for the purpose of eavesdropping. Another category of attacks was designed to intercept communication for purposes such as rerouting a call or, in some cases, impersonating a caller. Another common objective was stealing premium rate or long distance service minutes from companies. Two other kinds were for interrupting services through means such as denial of service attacks or power interruptions. Companies that don’t protect their VoIP lines are potentially vulnerable to all these types of attacks.
VoIP Breaches Can Expose Other Vulnerabilities
As some of these attack categories illustrate, VoIP attacks can compromise other areas of your business. Malicious software injected into a VoIP system can potentially infect your general IT system if you don’t have your VoIP service set up to segregate phone service from internet service. Many VoIP attacks are intended to gain access to personal or financial data. Some can even attack your company’s power, potentially shutting your whole business down.
Breaches Can Be Expensive
When your VoIP line is breached, it can be very expensive. Because VoIP services are often billed based on usage, dollars can add up quickly. One VoIP provider was targeted by hackers who uploaded a 10-minute audio file to the server and then auto-dialed satellite phones to play the song for 10 minutes per call, which added up to $7,000 in less than two hours. Another business was victimized by hackers who routed $25,000 worth of calls through their server within a couple weeks. A Melbourne VoIP provider went out of business after criminals sold their company’s system information to unethical VoIP providers in Europe, the Middle East and Asia, routing $100,000 worth of calls through Egypt.
Encryption Is Easy
Fortunately, encrypting your VoIP services is relatively easy if you work with a good VoIP provider and IT team. Cisco provides some guidelines to VoIP encryption and security. If you’re using a hosted PBX solution, have your IT team talk to your VoIP provider about their encryption and other security measures. Apply encryption by user, by device or by segment to encrypt sensitive voice traffic without clogging up your system. Encrypt signals at your internet gateway with SIP or TLS, which your provider’s switch fabric may handle. Encrypt media with SRTP or other protocols. Use VPNs when connecting to your network by phone. Talk to your VoIP provider and IT team about these and other encryption measures you can take to keep your VoIP traffic secure.