How do I make my hosted PBX secure from cyber attacks?


Cyber threats and attacks are becoming an ever-increasing problem for many businesses. The F.B.I. now ranks cybercrime as one of its top law enforcement activities, and in a recent study by the CFCA, compromised PBX/voicemail systems were the top category for fraud loss, at $4.96 billion (USD).

One measure to fight cyber attacks and threats against your phone service is to implement a Cloud PBX system. When choosing a provider, make sure they have comprehensively developed the following three levels of security:

  1. Physical and Network Security
  2. SIP Endpoint Security [phones and devices]
  3. Toll Fraud Monitoring/Detection 

Choose a provider with security in mind

Physical & Network Security

Top tier providers should host their voice cloud in geographically dispersed, highly secure and monitored data centers. Each datacenter should have restricted access, biometric controls, and complete tracking of access and changes.

The provider should conduct penetration testing of its cloud infrastructure on a quarterly basis. During testing, the provider will attempt to infiltrate its own systems and check for vulnerabilities and open ports in the network.

SIP Endpoint Security (phones & devices)                           

To keep phones and devices secure from cyber threats and attacks like eavesdropping, you want your provider to require strong passwords on all SIP endpoints. Individual passwords should not be distributed or viewable internally, to prevent access by internal threats.

Your provider should constantly monitor your site vulnerability and endpoints by looking at call patterns. Through this process, they can detect and limit simultaneous calls per device, phone registration from multiple IP addresses, and attacks on device and account credentials.

Don't forget about toll fraud monitoring and detection

Toll fraud is the illegal use of a company’s telecommunications system by a third party (e.g., a hacker) from a remote location. Hackers commit toll fraud by stealing a business's phone service and placing unauthorized long-distance calls.

The most common toll fraud is international toll fraud, whereby hackers obtain access to passwords and accounts to exploit companies for international calls. In this form of fraud, criminals scan the public internet for applications that make phone calls. Once they detect these applications, they attempt to crack the authentication credentials and make phone calls (for which the customer will be charged).

What are the signs of toll-fraud?

  • Increased call volume after business hours
  • High call volume from one source
  • Extended phone line use when no one in your office is on that phone line

Work with a provider that has a policy that requires all SIP endpoints to be installed in a securely trusted zone behind a firewall and not exposed to the public internet. The firewall must block all inbound untrusted internet traffic to the SIP endpoint. The firewall can be configured to allow inbound traffic from trusted devices from remote locations. Filtering based on source or destination address is useful because it enables you to allow or deny traffic based on the computers or networks that are sending or receiving the traffic.

You want a provider that scans the network of connected devices to determine if any of the SIP endpoints are open to the public internet. If an endpoint (a phone, phone system or gateway) is determined to be open to the public internet, you should receive a notification requiring you to secure the SIP endpoints behind a firewall.

Additionally, your provider should monitor call patterns to international (and high-cost) locations on a constant basis and continually look to improve their fraud monitoring systems. If any customer exceeds the call thresholds for any international areas, the provider should disable international calling and send an email notification to the customer informing them that international calling has been disabled based on possible fraudulent activity.
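The call-pattern checks described above (call volume after business hours, high call volume from one source, and an international threshold that leads to disabling international calling) can be run over call detail records. The sketch below is an added example, not code from this article or from any provider's system; the record layout, the thresholds, and the 011 prefix rule are assumptions, and the records are constructed.

```python
from collections import Counter
from datetime import datetime

# Assumed policy values (not from the article); tune them to your own traffic.
BUSINESS_HOURS = range(8, 18)   # 08:00-17:59 local, Monday to Friday
INTL_MINUTES_LIMIT = 60         # international minutes per account per day
SOURCE_CALL_LIMIT = 5           # calls per source endpoint per day
AFTER_HOURS_LIMIT = 3           # after-hours calls per source endpoint per day

# Constructed call detail records: (start, account, endpoint, dialed, minutes)
CDRS = [
    ("2024-03-05T09:15", "acme", "ext101", "12125550100", 4),
    ("2024-03-05T14:40", "acme", "ext101", "13125550101", 7),
    ("2024-03-05T11:05", "bolt", "ext200", "011442055501", 20),
] + [
    # Burst of long international calls from one endpoint starting at 02:00
    (f"2024-03-06T02:{m:02d}", "acme", "ext104", "011882055502", 15)
    for m in range(0, 60, 10)
]

def is_international(dialed):
    # Assumption: North American dial plan, where 011 is the exit prefix.
    return dialed.startswith("011")

def review(cdrs):
    """Return accounts to cut off from international calling, plus alerts."""
    intl, per_source, off_hours = Counter(), Counter(), Counter()
    for start, account, endpoint, dialed, minutes in cdrs:
        ts = datetime.fromisoformat(start)
        day = ts.date().isoformat()
        key = (account, endpoint, day)
        per_source[key] += 1
        if ts.weekday() >= 5 or ts.hour not in BUSINESS_HOURS:
            off_hours[key] += 1
        if is_international(dialed):
            intl[(account, day)] += minutes
    alerts = [(k, "high call volume from one source")
              for k, n in per_source.items() if n > SOURCE_CALL_LIMIT]
    alerts += [(k, "call volume after business hours")
               for k, n in off_hours.items() if n > AFTER_HOURS_LIMIT]
    disable = sorted({acct for (acct, _), m in intl.items()
                      if m > INTL_MINUTES_LIMIT})
    return disable, alerts

if __name__ == "__main__":
    disable, alerts = review(CDRS)
    print("disable international calling for:", disable)
    for key, reason in alerts:
        print(key, reason)
```

The single daytime international call on the second account stays under the limit, so only the account with the overnight burst is cut off and alerted on.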

In the end, if you are vigilant and set your phone systems up correctly with a well-established HPBX provider, then cyber threats are unlikely to negatively impact your business. Even if they do occur, you should be able to recover faster and with less hassle than if you used any traditional integrated phone system.
