When most people think about cybersecurity, they think about firewalls and encryption standards that protect apps and databases from hackers. However, many enterprise systems have glaring flaws, some of which are bigger than most people realize. These problems go unnoticed, and therefore unaccounted for, and more businesses end up falling victim to them.
Take, for example, your telecommunications system. Chances are, this is only a secondary priority for your security and IT teams, yet telecommunications fraud costs businesses more than $38 billion a year, according to the Communications Fraud Control Association (CFCA). Vyopta illustrates the potential damage here by recounting the story of an architecture firm in Norcross, GA that discovered $166,000 in fraudulent phone charges, accrued over a single weekend.
Biggest Vulnerabilities in Telecom
There are several ways for criminals to take advantage of a flawed telecommunications system. Many take advantage of Private Branch Exchange (PBX) systems by using direct inward system access (DISA). When criminals get ahold of a phone with PBX functionality, or gain access to a voicemail system, they can use system commands to get access to a dial tone and then place as many long-distance calls as they like. At this point, they usually sell access to this line for a profit. Voicemail systems are also a common target.
Best Practices for Securing Your Business
You don’t want your business to accumulate hundreds of thousands of dollars in fraudulent charges, or expose your business’s systems to cybercriminals. Be proactive and guard your business against these potential breaches with the following best practices:
1. Don’t rely on factory default settings.
When you get new phones or voicemail boxes from your telecom provider, they’ll come with a number of factory default settings, including a default password (which is usually something like “0000”). You’ll want to change these as soon as possible, because factory default settings are notoriously easy to guess.
2. Educate your staff on threats and best practices.
Most successful hacking attempts are the result of human error (or failure). Your employees may not choose strong passwords, may leave their phones unsecured, or may otherwise make a mistake that makes it easier for thieves to gain access. You can’t prevent every mistake, but you can take measures to better educate your workers on existing threats and best practices for preventing them. Make sure your employees choose strong passwords, disable services they don’t need, and avoid leaving their mobile phones unsecured or unattended.
3. Disable international and premium rate access.
Most telecom hacking attempts have one end goal: gain access to a phone line to place international and premium-rate phone calls. If you simply disable your phones’ ability to place these types of calls (which is easy with most providers), you’ll instantly protect yourself from these fraudulent charges. However, this assumes you don’t need access to these features on a regular basis.
4. Change access codes and passwords regularly.
Mandate that voicemail access codes and other phone-related passwords be changed regularly. If someone does seize control of one of your devices, you’ll be able to lock them out quickly.
5. Disable DISA if you don’t need it.
It’s also a good idea to disable direct inward system access (DISA), unless you absolutely need it for your business. This could cut off an entire branch of potential fraud, since dialing in remotely is a prime opportunity for hackers.
6. Secure your comms room.
If all your communications equipment is centralized in one location, you’ll need to make sure that location is secure. Have an IT staff member routinely review proper security procedures, and lock the room down so only necessary staff members have access to it.
7. Review call use on a regular basis.
Finally, don’t let yourself be surprised by a sudden accumulation of charges. Take time, routinely, to review the phone calls being placed by your company, and flag any outliers. Chances are, one rogue international call isn’t a sign that you’re the victim of fraud, but it’s worth reviewing and following up so you can stop the criminal activity before it escalates beyond your control.
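One way to automate the review in step 7, focused on the international and premium-rate calls from step 3, is shown below as an added example that is not part of the original article. The CSV layout, the 011 and 1-900 prefixes, the business hours, and the alert threshold are all assumptions to adapt to your own PBX export and dial plan.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample call detail records (CDRs); real exports vary by PBX vendor.
SAMPLE_CDR = """start,extension,dialed,seconds
2024-03-08T10:15:00,201,14045550123,180
2024-03-08T14:02:00,305,0119995550100,600
2024-03-09T02:10:00,412,0119995550101,3400
2024-03-09T02:12:00,412,0119995550102,3550
2024-03-09T02:13:00,412,0119995550103,3590
2024-03-09T03:40:00,412,19005550199,2900
"""

# Assumed North American dial plan: 011 = international, 1-900 = premium rate.
RISKY_PREFIXES = {"011": "international", "1900": "premium"}
BUSINESS_HOURS = range(7, 19)  # assumed 07:00-18:59, Monday to Friday
OFF_HOURS_CALL_LIMIT = 3       # assumed threshold; tune to your own baseline

def classify(dialed):
    """Return 'international', 'premium', or None for an ordinary call."""
    for prefix, label in RISKY_PREFIXES.items():
        if dialed.startswith(prefix):
            return label
    return None

def is_off_hours(start):
    return start.weekday() >= 5 or start.hour not in BUSINESS_HOURS

def review(cdr_text):
    """Return (risky calls to follow up, extensions with an off-hours burst)."""
    outliers = []
    off_hours = defaultdict(lambda: {"calls": 0, "seconds": 0})
    for row in csv.DictReader(io.StringIO(cdr_text)):
        kind = classify(row["dialed"])
        if kind is None:
            continue
        outliers.append((row["extension"], row["dialed"], kind))
        if is_off_hours(datetime.fromisoformat(row["start"])):
            off_hours[row["extension"]]["calls"] += 1
            off_hours[row["extension"]]["seconds"] += int(row["seconds"])
    alerts = {ext: s for ext, s in off_hours.items()
              if s["calls"] >= OFF_HOURS_CALL_LIMIT}
    return outliers, alerts

if __name__ == "__main__":
    outliers, alerts = review(SAMPLE_CDR)
    print(len(outliers), "risky calls;", "burst alerts:", alerts)
```

The single weekday international call from extension 305 lands in the follow-up list only, while the weekend burst from extension 412 also raises an alert.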
With these seven simple strategies, you’ll be able to prevent the vast majority of telecom security vulnerabilities. That doesn’t mean your business will be suddenly exempt from criminal activity, but it will greatly decrease your chances of falling victim to this $38 billion threat.