It’s a sad fact of life that when disaster strikes, there are those who will opportunistically attempt to benefit from the chaos and uncertainty it creates. In the 2020 remote work revolution, a wave of hacks has arisen and spiked overall cybercrime statistics — and while leaks of sensitive data make the headlines, VoIP telephone systems have vulnerabilities too.
I spoke to Ian Guest, Marketing Director at Pure IP, about the risks that distributed teams should be aware of.
“As soon as you redirect a call, you have an additional step in the journey to consider, perhaps to somewhere not as secure. Earlier in the year, when quick changes were being made to infrastructures, certain vulnerabilities were opened up unknowingly”, he explained. The very technology which allows us to work from anywhere can bring its own risks, especially when people’s guards are naturally lowered due to their environment, “When you’re working from home, as an individual, the distractions and introduction of new systems and workflows can make you more vulnerable to, for example, clicking on links that would otherwise seem suspicious. ”
Old scams, new attack vectors
Some of the malicious acts Pure IP have tracked this year are quaintly old-fashioned, like DDoS attacks, and the calling of premium rate numbers. If an attacker can compromise the password on a hosted PBX, or find an open VoIP port they can gather information about numbers, lines, and extension, then use this data to route high volumes of calls through your network to premium international numbers, leading to rapid and substantial costs.
“We’re constantly monitoring”, Guest explained, “and we quickly pick up trends, like high call volumes from a specific number to a particular destination, that we can flag as suspicious behaviour to our customers or apply temporary blocks…”
This helps protect Pure IP customers from attacks, which are inevitable, relentless, and easy for any organisation to fall victim to. As always, the human element is the weakest link, in terms of password hygiene and data loss, as well as social engineering, particularly when natural anxieties are exploited, in bogus COVID-19 testing alerts and similar cynical scams.
Empower your team — but monitor as well
“There’s an element of training and educating your people, which is important,” Guest continued,
“But people can never be perfect, and there will always be the risk of lapses, so we monitor the environment continually behind the scenes and we can detect trends coming through very quickly”
As well as immediately alerting customers to anything dodgy going on with their calling, as part of their enterprise voice managed service, Pure IP have the ability to directly block calls to suspicious destinations, before huge bills are run up — and have saved corporations around the world extensive sums that would have been owed on phone bills, to premium and overseas numbers they didn’t even know they were dialling.
And never forget that prevention is always better than the cure. It’s important to secure every device that connects to your business telephony system – including peripherals you might not think of, like headsets. “Strong, unique, and complex passwords, stored only in a secure password manager, are the best way to stop anyone getting past your defences in the first place,” Guest advised, “Always make sure that the default passwords on your devices are changed.”
