The NY Times ran a scary article on phone system hacking, which led to a flurry of press about a growing problem in our industry (cell phone hacking, voicemail hacking, voip hacking). The most expensive form of phone system hacking involves people making calls from your phone system overseas to the equivalent of 900 & 976 numbers in a sophisticated kickback scheme, or routing calls on illicit calling cards and services through your phone system. This leaves you stuck with massive international calling charges that you are ultimately responsible for. The NY Times profiled a 6-person company hit with $166,000 of charges in a single month.
You can always reach out to us to schedule a security audit if you are concerned about your phone system. Just email firstname.lastname@example.org.
However, there are some simple tips that can protect you, and that follow general IT security principles.
1) Restrict international calling. Call your carrier and have them turn it off completely. Most international business people are comfortable with Skype, Google Hangouts, and the like anyway.
2) Require account codes. If you must make international calls, require an account code to connect the call. Call your carrier and request this simple change – calls will not connect until the code has been entered following dialing.
3) Enable alerts. Most carriers will send you a text or email if your usage exceeds a certain threshold, so you know to get involved.
4) Firewall should be on a need to connect basis. Only allow known IP addresses to connect to your phone system. If you have teleworkers connecting from home, enable hot desking to require a PIN to enable the phone or phone app.
5) ‘1234’ is a terrible PIN. Stop doing that. Don’t use default PINs, don’t use 1111, 0000, 1234. Ask your system administrator or Extenda to move to 5 digits or more. Hackers can access your phone system by hacking into your voicemail or conference bridge, so please, use sophisticated passwords. Our systems will lock them out after a number of bad guesses.