We’re beginning to see signs of a new normal emerging with 64% of workers now remote, a 148% increase in 2020. For commercial organizations, this has meant a growing reliance on business phone systems based on VoIP (Voice over Internet Protocol), cloud PBX, and Unified Communications (UC) solutions. As a result, there’s been an 80% increase in the use of collaboration apps, video conferencing, and other shared data platforms.
With the adoption of new cloud based applications, and the increasingly blurry lines between work and personal life, the August 2020 Edition of the Netskope Cloud and Threat Report observes a 161% increase in visits to high-risk apps and sites. Cloud security is becoming a major concern.
How Business Phone Systems Are Vulnerable
Using a cloud PBX or VoIP business phone system involves transmitting information over the Internet, potentially exposing that voice data to threats like phishing, call interception, impersonation, and spoofing.
A Shared Model for Cloud Security
To guard against these threats, you need to be diligent — both in overseeing your own IT and data security management, and in working closely with your business VoIP provider, to ensure that all security requirements are being met and enforced.
In this light, cloud security is a responsibility that you share with your business communications service provider. While they should have robust measures in place to safeguard your cloud PBX or Unified Communications platform, there are measures that you need to take to preserve network and data security at the user end.
Your cloud service should support the Transport Layer Security (TLS) or Secure Real-Time Transport Protocol (SRTP) encryption standards.
Transport Layer Security (TLS) protects SIP messages sent by your PBX or soft phone with encryption. Enabling the TLS protocol on your equipment prevents any third party from being able to read or modify your inbound and outbound numbers, or other authentication data.
SRTP (Secure Real-Time Transport Protocol) is a cryptographic protocol that provides encryption, message authentication, and replay attack protection. The mechanism decrypts information upon arrival, making it difficult for attackers to intercept it mid-stream.
Virtual Private Network (VPN)
A Virtual Private Network or VPN for voice communication encrypts your voice data over an internet connection. This is particularly useful for your remote workers, especially those operating in areas where public or mobile networks are high risk.
Instead of using separate VPN and VoIP services, it’s possible to get a combined package or VoIP VPN — a VPN service that routes all your voice data through a secure network.
VLAN stands for Virtual Local Area Network, and voice VLAN is a mechanism that enables you to configure your network access ports so as to separate voice traffic from other data traffic. Alternatively, you can assign your enterprise phones a separate IP address.
For your IT management, this effectively segments your voice traffic into its own dedicated network, making it easier to monitor, and protecting your voice communications from the complications that can arise when voice and other hardware share the same connections. This also results in better call quality.
As with any other network computing device, your voice communications equipment needs to be behind your corporate firewall. And you should configure this firewall to block unwanted and unauthorized access to your office network.
User identity management and strong multi-factor authentication are smart security practices that will add another layer of protection to your set-up.
You and all your staff should use strong passwords (eight or more characters, mixing letters, numbers, and keyboard symbols), which should be changed every few months. There are password management apps that can automate this process, and securely store credentials.
net2phone’s Encrypted VoIP ensures that your personal and confidential data remain secure, using the latest TLS and SRTP encryption techniques to protect your information and avoid privacy breaches.
You might want to read: