Steps can be taken by a user to prevent the hacking of office phones, but if there is a breach, the blame falls squarely in the lap of the provider
Phone hacking goes by many names, includes various techniques, and dates back to the 1980’s, but one fact remains: VoIP has made phone hacking easier, and more dangerous than ever. With the ability to drain up to £70,000 in a single session by directing an office full of phones to call premium rate numbers when employees leave in the evening, businesses are right to pay attention to the issue - but what nobody is sure of is who to blame.
Of course, hackers are the obvious culprits in any scenario, but to quickly blame them is to ignore the fact that VoIP hacks are easily preventable.
Is it the end user’s fault, for ignoring prompts to create a more secure password? If people don’t realise the potential risk of having an internet-connected phone on their desk, are they to blame for any losses they might have?
Or perhaps it’s the fault of shady end-numbers: it’s all well and good that customer service lines or utilities companies use premium rate numbers, but why are there no attempts to stop a black hat hacker sat in his bedroom from setting up one of these numbers and reaping the rewards without reprisal?
Maybe not, but there is a more important fact being ignored.
Businesses with VoIP systems do not magic them out of thin air: every handset, network, and service comes from a provider, and behind any good provider is a legion of network engineers and security analysts who know better than to install VoIP systems that are anything less than idiot-proof.
Nettitude’s suggestion for companies to consider hiring an in-house security analyst to monitor their network are not wrong, but the responsibility for these security risks starts far further up the chain.
“We don’t think that securing a VoIP system should be the client’s responsibility,” says Sam Strover, Vostron's Managing Director.
“When we install a VoIP system, we take on all the precautions ourselves, whether it’s making sure there is a secure password on the phone, segregating telephone traffic from Internet traffic, or ensuring that updates are pushed to the handset.”
He highlights the way in which Vostron approaches installation of a VoIP system as a defining factor: “Our service combines network set-up, handset configuration, and the telephone service in one package.”
“It’s the only way we can ensure that every precaution is taken by the time an end-user gets a hold of the service.”
In the case of preventing VoIP hacks, where the blame lies is not a case of morals, just a simple fact of business principles: if you’re providing a client with a handset, service, or network, you’re relying on them making money to keep up a healthy business relationship. As soon as you neglect to protect them from potentially devastating hacks, you’re putting that relationship at risk - and potentially losing a customer.