We’ve all heard horror stories about hackers gaining access to confidential information on business computer networks. Less publicized are the stories about hackers accessing business phone systems – racking up hundreds or thousands of dollars in long distance or international phone calls on your company’s tab. Business owners may not even realize that their system has been hacked until a bill arrives.
Each company should decide on the best security and password policies for their users and business. These five tips will provide a starting point for creating a security plan to best protect your phone system.
1. Do Not Give Out Your Password
It may seem like common sense, but scam artists can be convincing. One of the most frequent scams occurs via a phone call from someone claiming to be with a phone system provider. The caller asks for the system password, and then uses it to access the system and place outbound long distance or international calls.
Don’t become the next victim of toll fraud. If you receive such a call, tell the caller you are not authorized to provide that information over the phone. Report the incident to your system administrator immediately.
2. Analyze Password Security Periodically
Implement a routine system security audit to expose any passwords that do not meet security standards. Some VoIP systems provide a built-in tool to automatically check for unsecure aspects within your phone system.
3. Create Stronger Passwords
In 99 percent of toll fraud cases, unauthorized access is gained through unsecure (easy-to-guess) passwords, such as ones that contain your extension number, consecutive digits (1234) or repeating digits (5555). Select a password that is easy for you to remember but not easy for others to guess. By creating stronger passwords, you can dramatically increase the security of your phone system against toll fraud.
4. Implement Company-wide Password Rules
Enforce strict password rules, instituting a minimum password length or forbidding certain digit strings like the ones just mentioned. Generally speaking, four to six digits is an optimal length for your password – long enough to challenge a hacker and short enough for you to remember. For consistency, it is wise to set a standard length in your company for all employees to follow. Another layer of security can be added by locking out a user after a certain number of failed login attempts. Your system administrator would then have to reset the user’s password.
5. Change Passwords Regularly
Safeguard voicemail boxes from unauthorized access by changing passwords regularly. Your system administrator may be able to configure your security settings so that passwords expire at regular intervals (usually weeks or months).
Remember, if someone contacts you claiming to be from one of your vendors and requests your password - DO NOT GIVE IT TO THEM. Hang up the phone and immediately report the incident. If you have given your password, contact your administrator immediately so they can alert your co-workers and take the appropriate action to safeguard the system.
Instances of phone system hacking do occur, but business owners can take measures, like the ones listed above, to create a more secure phone system and deter would-be hackers.