THE BLOG

Protection Against Phone Hackers Is Not Just for Large Companies

10/21/2014 05:44 EDT | Updated 12/21/2014 05:59 EST

A recent article in The New York Times shines a light on a scam in which hackers break into a company's phone network to run up false six-figure charges in order to receive a cut of the profits. Often called a "traffic pumping" fraud in the telecom industry.

The article outlines how this is easier to pull off and more profitable thanks to the telephone services routed through the Internet.

It goes on to say that mostly small businesses are being impacted -- to the tune of $4.73 billion globally last year -- according to the Communications Fraud Control Association, because they often use local carriers, that lack antifraud systems.

That's scary sounding stuff for the small business owner who is in the process of considering a move from their traditional landline to a more robust VOIP solution. But the reality is that the same safeguards that are available to large companies are increasingly available to small businesses -- without the large budget -- through hosted VoIP.

Network and VoIP phone security has gone from a looming concern to a high priority for most large companies. The more sensitive data we send over the Internet and internal networks, the more risks there are associated with cyber assaults. When some of the most secure databases in the world are being attacked -- those guarded carefully by leading businesses and their consultants -- the question of how to implement and budget for the proper safeguards is a big one. For telecommunications, one solution comes in the form of Remote Monitoring.

Not just the domain of large companies, remote monitoring is available to small businesses through hosted VoIP service providers, allowing them to obtain much needed security within their budget capabilities.

The Ups And Downs To VOIP Security

Early commercial applications of VOIP phone systems were criticized for being major security risks. Data that was once safe on landline networks is now bouncing around the web through unknown and unreliable pathways. The fear, which was confirmed numerous times, was that voice data could be intercepted and manipulated or phone networks would be exploited for money.

For more than a decade the only solution was to invest in internal expertise to carefully audit and monitor network activity. The added time and energy devoted to security could quickly offset the savings associated with a VOIP phone system -- the leading reason for early adoption.

It wasn't until the growth of cloud computing and Software as a Service (SaaS) capabilities did a real solution emerge. Hosted VOIP, also known as cloud telephony, shifted the responsibility to the service provider, industry experts with the resources and knowledge to effectively manage security risks.

How Remote Monitoring Protects Business VOIP Networks

  1. Critical network components are housed in specialized cloud facilities.
  2. Service providers can implement monitoring software and safeguards across their entire network.
  3. Information flow and billing patterns are passively monitored to ensure regularity and security.
  4. Strange activity can be identified and resolved proactively instead of reactively.
  5. Clients are informed of problems or emerging threats.

When threats are identified they can be dealt with on the service provider's end. For instance, certain overseas numbers are known to be used in toll fraud attacks -- like those discussed in the New York Times article. Monitoring and blocking those numbers limits the risk of losing money to fraudsters. Monitoring unusual activity can be used to assess system issues before they affect the end-user or business operations.

Is A Regular Telephone More Secure?

It's easy to assume then that VOIP is less secure than other systems but the reality is that the risk has always been around. With so much attention paid to digital network security, the weaknesses of Plain Old Telephone Systems (POTS) are often overlooked. Recently, that risk turned into reality for a small business that now faces bankruptcy because of security issue with their POTS service provider's network.

From just a few phone lines, fraudsters were able to steal over $160,000 in a single weekend. How did they do it? Their service provider's monitoring system was down for 48 hours, just long enough for their system to be hijacked and used to place hundreds of calls to overseas toll numbers. A working monitoring system would have reduced their losses dramatically by identifying the bizarre call patterns and billing.

Remote Monitoring And An Overall Security Plan

No network is perfect. It takes time, effort and collaboration to keep data secure across all entry-points. Remote Monitoring is one tool for identifying problems as they arise and ending them before the damage is irreversible. But it must be complemented by other sophisticated measures as well as the basic best practices that every company should implement.

Viruses and malware, or other automated attacks, can require a deeper knowledge of popular or emerging illegal tactics.Security officers and IT managers should stay up to date with recent trends and events related to their own objectives. Remote Monitoring is extremely valuable, with the potential to save companies from disaster, but works best within a bigger security strategy.

For more information on the most popular types of telecom-based frauds and attacks, explore the global phone fraud stats from 2013.

Claudio Nespeca leads Operations and Project Management and directs Sales & Marketing strategies for Epik Networks, a leading VOIP and internet service provider headquartered in Toronto. His expertise spans more than 17 years in the North American telecom sector.