Recently I was reading an article that outlined how IT executives are starting to foresee VOIP security issues as the technology makes its way into more and more businesses.
The latest stats indicate "that two-thirds of Canadian businesses are using an IP-based VoIP telephony system as their primary telephone system, and this number continues to rise. Meanwhile, wireless connectivity is becoming the status quo, with 90 per cent of Canadian businesses using smartphones."
Naturally, security issues need to be paramount with any relatively new technology -- although VoIP in Canada is already 10 years old, so hardly "new" -- and especially one that is becoming ubiquitous across industries.
Some of the discussion highlights in the article included reference to phone settings and Wi-Fi in order to safeguard users. As the many advantages of hosted VoIP become increasingly evident to businesses, I think it's important to clear up a basic misconception when it comes to security:
Your Wi-Fi security and your VOIP security are NOT the same thing.
By this, I mean that even if you are connected to your VoIP system through an insecure Wi-Fi network, it does not therefore follow that your VoIP system is automatically vulnerable to hackers.
In order to get into the VOIP system there are additional passwords required. The conversations themselves are encrypted. Certainly the ability to have your phone accessible across multiple platforms makes it vulnerable to hackers generally, but the security issue concerns are related to data network/hardware security issues -- not VoIP itself.
With this in mind, here are three tips for maintaining VoIP system security:
1) Restrict password permissions
Business grade VOIP apps have an extra layer of security that has to be activated in order for a user to become connected. When launched on a computer, a VoIP unified communications (UC) app will require users to register with their unique user name/password every time. Companies can restrict "remember me " options and require users to sign in every single time. That means that even if the VoIP app is attacked in the computer there will be always be another password that would need to be hacked as well in order for someone to get into the system.
2) Use the safeguards available
It should be noted that even if hackers managed to get the password and hack into one phone, it wouldn't affect the entire network -- it would only affect one user. Fortunately most business grade services have "fraud detection" monitoring and can determine if there are an unusual number of minutes being racked up and will flag it. Watch user trends and stay on top of alerts or changes in tracked usage.
3) Exercise common sense when working remotely
Common sense is one of the main security measures you can employ. It's simply about being aware of your surroundings, where you keep passwords stored (i.e. if someone gets into your computer will they easily locate a file marked "passwords"?) and noticing, literally, who may be looking over your shoulder.
Calling it a VoIP security issue when someone has your passwords is like calling it a bank security issue when someone takes your money after finding your card and PIN together -- it's not.
No network is perfectly secure. But a clearer understanding of VOIP and its security measures coupled with the basic best practices that every company should implement will help ensure better overall security for users. It will also help businesses looking at their telephony options to consider the real risks and benefits of VOIP in achieving their goals.ALSO ON HUFFPOST:
If you have a color laser printer, then the documents you print may have imperceptible yellow tracking dots that reveal the printer's serial number and the date and time of printing. The dots are used as part of an effort to track counterfeiters, but the Electronic Frontier Foundation reports that there's nothing stopping the government from tracking any document you print, whether or not its related to currency.
According to the book Brandwashed by Martin Lindstrom, coupon providers often encode your personal information in the bar codes of digital coupons you print. The information can include your computer's IP address, when you found the coupon, where you redeemed it, and the search terms you used to find it.
According to a chart compiled by the Electronic Frontier Foundation, ebook companies often retain your book searches, book purchases and even information on how you're reading the book.
In an interview with Charles Duhigg about his article in The New York Times called "What Does Your Credit-Card Company Know About You?" the reporter said that many credit card companies now have "massive laboratories where they can track what you buy with your card and sort of deduce a lot of things about you, based on those patterns."
Next time you shop at Target, you might want to leave that discount card at home. Many retailers' discount and loyalty cards cards collect purchasing data on customers who use them. The data isn't just used to inundate you with coupons, it may also be used against you by insurance companies.
The Electronic Frontier Foundation warns that many new "smart" electricity meters let utility companies track your power usage "moment by moment." That means your utility company could potentially learn what time you wake up, when you go on vacation, or even more minute details -- like when you run the dishwasher or take a hot bath.
Companies like Verizon and Microsoft have sought to patent processes for monitoring TV watchers. There has also been speculation that Microsoft's soon-to-be-released Xbox One will spy on you via the Kinect, a motion-sensing camera. But that doesn't mean your TV watching habits haven't already been monitored. The Wall Street Journal in 2011 reported that cable companies target ads using TV watchers' personal data.
Follow Claudio Nespeca on Twitter: www.twitter.com/EpikNetworks