VoIP Security: Get Proactive

Voice over Internet Protocol (VoIP) is one of the best things that ever happened to business communications. Unfortunately, cybercriminals agree — and have their sights set on the treasure trove of valuable data that awaits them at financial institutions, professional service firms, big retail stores, universities, and government agencies. 

Since VoIP is internet-based, it is vulnerable to the same types of attacks on all other web connections. Security experts believe that attackers are improving their techniques to make them capable of launching new threats. Phone eavesdropping has become a lucrative business for hackers, raking in thousands of dollars from stolen phone lines.


The web is a virtual playground for attackers, who constantly search for potential victims and fine-tune their craft to launch new attacks. Depending on the gravity of the methods used, a SANS Institute paper identifies the following common threats:

  • Call recording
  • Call eavesdropping
  • Voicemail tampering
  • Worms and viruses
  • Denial of Service (DoS)
  • Registration hacking
  • Caller ID spoofing
  • VoIP toll fraud
  • Data theft
  • Voice spam

Call eavesdropping and recording, and voicemail tampering breach the users' privacy by leaking sensitive information or compromising corporate secrets. Attackers can then resort to blackmail and extortion.

The telltale signs of worms, viruses, and DoS are service outages and degraded service quality, such as the inability to open files or get a connection. The goal of these threats is to disrupt services, forcing the business to pay a ransom to restore operations.  

Faking authenticity through registration and caller ID spoofing is another method hackers use to create chaos. Toll fraud and data theft are two of the most dreaded threats that can cost companies financial losses as well as the leakage of critical business information.

VoIP administrators should also be wary of warning signs. A sudden spike in the volume of calls in unlikely area codes could indicate hackers have successfully breached the network. Other signs are fake antivirus messages where there is an enterprise-grade antivirus program in place, mysteriously activated microphones, webcams, and other hardware, and unofficial changes to internet settings.

Securing the VoIP Network

Hackers of all flavors — from the neophyte who wants to have fun to the professional cybercriminal who wants to become wealthy — will continue to exploit existing vulnerabilities. The VoIP dilemma is not without hope, however, as long as companies give serious effort to beefing up security.

VoIP Encryption

Should you encrypt your VoIP network? Users remain divided on the relevance of encryption. Security-conscious companies want their data encrypted as it travels across the VoIP network to prevent hijacking. Security vendors offer numerous encryption solutions. Unfortunately, it is unclear which method is the encryption standard for VoIP.

Unique and Robust VoIP Passwords

Password security is one of the first lines of defense in many internet-based systems. Strong passwords are those that use, among others, eight or more characters that include letters, numbers, symbols, and upper and lower case characters. Additionally, a good rule of thumb is to change passwords as often as possible.

VoIP Firewalls Matter

Firewalls are also an essential tool for VoIP security. They help control incoming and outgoing traffic on the VoIP network in much the same way as they do for other web-based traffic.

These are three of the first areas companies typically explore when considering VoIP security. Other potential security measures deserve equal consideration and attention. When you are ready to take the next step, sign-up for a security health assessment. Our experts can show you how to make your voice communications work in a secure environment.

Free Cybersecurity Assessment