What You Should Know About IP Telephony Security
CTO
With new stories about recent cyber attacks and security breaches becoming increasingly commonplace, the issue of security for IP telephony is one that can no longer be ignored. Even companies with large, sophisticated systems like Target have found themselves the subject of data attacks by hackers aiming to collect customer information like social security numbers, account information and more.
With today’s network-based voice systems (both on-premise and cloud-based), the issue can be more complex—but the results are no less devastating in the event of a breach. For organizations with such systems in place or considering implementing those solutions, here are a few of the things you need to know about IP telephony security – especially prescient for your VoIP call center.
The Main Forms of IP Telephony Attacks
The two main forms of attacks on Internet protocol (IP) telephony systems are denial-of-service (DoS) attacks and eavesdropping. Both can compromise operations and security of customer and corporate data, as well as present unique challenges to security experts.
DoS attacks are aimed at disrupting servers by overwhelming them with automated service requests. Rather than poaching data directly, the goal of DoS attacks is to disrupt operations and lock customers out of communication with telephony providers.
Eavesdropping can even more insidious—a network-based, man-in-the-middle attack aimed at setting up relays that allow hackers access to supposedly private data communications. And as IP addresses are increasingly being shared and becoming more difficult to trace, identifying eavesdropping hacks is becoming more difficult.
Who is Being Targeted?
All data transmitted over IP is susceptible to breach, and all sectors are being targeted. From carefully regulated industries like finance and healthcare to retail and commercial enterprises, the pressure to ensure information security is growing.
The rise of cloud-computing has made it even trickier to protect against hacks. As technology outpaces IT support, security measures often prove insufficient when attempting to fend off attacks from individual hackers and nation states—or make things worse.
According to a 2012 report issued jointly by the University of Wisconsin, security software firm RSA and the University of North Carolina, “while data loss and data leakage are both serious threats to cloud computing, the measures you put in place to mitigate one of these threats can exacerbate the other.”
How Can You Ensure Your IP Telephony Systems Are Secure?
Ultimately, the security of data transmitted over IP systems involves careful monitoring of data pathways, scrubbing of irrelevant records and data and encryption. For telephony system, encryption poses certain challenges.
“Encryption comes with significant complexity that is often beyond the capabilities of voice engineers,” says a David Stein, a principal with Stein Consulting Group and member of the Society of Communications Technology Consultants. This makes the data difficult to hack, but also can lead to the systems being expensive.
“It comes down to weighing the value of the information that might be hacked against the cost of securing it,” continues Stein. “Is it better to be safe than sorry regardless of the cost?”
With privacy and data protection at a premium, the answer to this question increasingly appears to be “yes.” Through the judicious application of security protocols and monitoring, it is possible to create safe and reliable IP telephony systems.
Don’t let the the latest developments — from a technology or regulation perspective — hold you back. For details on how you can stay TCPA compliant, download our TCPA Compliance ebook for a plain English breakdown of the new TCPA rules, as well as checklists to help you stay compliant with the changes.