Most everyone is aware that hackers are trying relentlessly every day to get into your company’s private network so they can steal your and your customers’ important data that would be harmful to your company if it were to fall into the wrong hands. But something most people are not aware of is the fact that phone systems are incredibly vulnerable to attack—and they can be a hacker’s fastest link into your private network.
PBXs, or private branch exchanges, are phone systems that allow for communication out of and across a large number of phones in a single organization. Companies have made a turn toward digital IP PBXs over traditional Analog systems because it is easier for them to have everything—computers and telephones—connected in one network. Analog PBXs only provide telephone services, requiring the company to find their own provider to deliver a separate connection to the internet; however, with IP PBXs both internet and phone are connected and come into the company from the same provider via one wire—making things more connected and easier to use for the company.
Along with the increased connectivity between telephone and private networks, there are some additional advantages to choosing an IP PBX including lower costs both upfront and for traditionally expensive calls, as well as increased ease-of-use and accessibility for employees via unified messaging. Unified messaging, or unified communication, simplifies and connects all forms of communication—text, voicemail, email, video conference, fax, etc.—and allows them to be handled in a single mailbox that the user can access from anywhere. This can be via an app that allows you to check your voicemail remotely, or via an email attachment with a soundbite of the voicemail. This allows users to be connected to their office telephones from anywhere.
However, with all of this network connectivity, there are some potential drawbacks as PBXs are among some of the most vulnerable office equipment out there.
Threats to your PBX
Many people are unware of the vulnerabilities that their phone systems pose to their company and consequently, these people leave their phones unprotected—and hackers are well aware of this knowledge deficit. Criminals can ring up a huge phone bill by making unapproved domestic and international calls, costing your business big bucks if gone undetected—and that’s just the minor threat PBX hacking can pose!
With the vulnerabilities of unprotected IP PBX phone systems, it raises the question—if my private network and my phone network are connected, wouldn’t it be easy for hackers to get into a private network via the connected, weakly-protected phone system? The short and simple answer is yes.
The greatest and most dangerous threat to your company is when hackers use your vulnerable phone system to hack into your private network—where you store your customer, employee, and financial data, among other vital things. This is the information computer hackers long to take from every company that they can, and weakly protected phone systems are the best direct channels to getting that information from your business.
Protecting your PBX
Though the revelation of yet another point of entry for hackers into your business might be pretty disconcerting, there are some simple defenses you can put in place in order to better protect your company’s PBX system and consequently all of your sensitive data.
- Use strong authorization codes or passwords. Each phone and/or user should have their own individualized login and password in order to strengthen the security of the PBX. Many providers of PBX systems leave user passwords at their default settings or simply make them something easy to guess like the user’s birth date or extension number, thus leaving the door wide open for hackers to easily guess and check in order to infiltrate the system. Use of complex, hard to guess authentication codes/passwords is a simple step that allows for less risk to threaten your phone system security.
- Delete or deactivate unused accounts. Say an employee leaves your company for whatever reason, her phone’s inactive voicemail box is now an unmonitored entry point for hackers to sneak into your company through your phone system. Deleting extra passageways for hackers takes little time to accomplish and can be a major benefit to your company’s cybersecurity.
- Frequently check your outgoing voicemail to ensure that it is in fact your voicemail message. One way hackers ring up your phone bill is by changing your outgoing voicemail message to something like “Yes, I will accept the charges,” then the hacker collect calls this compromised number, charging it on the company’s dime. By not only checking, but changing your voicemail regularly, you can prevent this type of threat to your company. Though this is more of a minor threat, you could save your business thousands of dollars in phone bills by checking something as simple as your outgoing message.
- Restrict or monitor certain types of phone calls made to/by your phones. Consider restricting international or long distance calling destinations if your company does not require contact with them regularly. You can set this up either directly into your phone system, or by having your provider notify you of attempts of this kind.
- Use Firewalls to protect your data. By having your phone system shielded by a strong firewall, you are providing your company’s phone system with the best possible defense. Intrusion detection will notify you of any attempts or breaches to your phone system and is a key feature this firewall should have; a next-generation firewall will be the toughest one for a hacker to attack.
- Axiom provides a PBX system that has a built-in firewall and we encourage our users to put an additional Axiom SecureAmerica® Next-Generation Firewall in front of that in order to protect your phone system two-fold. Learn more about Axiom’s PBX from our CEO, Troy Wilkinson, here.
Though an unexpected route for hackers to take, securing your phone system is not only key to keeping calls and other means of communication safe from attack, but your private networks and all of the dignified information they store as well.
If you’d like to find out more about securing your phone system or private network, give us a call at (800) 519-5070 or visit our website at https://www.axiomcyber.com/ to speak with one of our IT experts.
Hailey R. Carlson, Marketing Inter, Axiom Cyber Solutions 7/21/2016