VoIP – Cybersecurity risks & Best Practices in 2021

Voice over Internet Protocol (VoIP) has been at the center of every single interaction since its inception into the world of contact centers. VoIP transmits data from one point to another by using packet switching. In short, the human voice is broken into smaller parchment to travel faster via cloud to the end caller. Once there, it is reconnected and successfully emits voice data.  VoIP offers endless benefits to businesses in terms of faster communication, better customer service resolution rates and increased productivity. The big question everyone has in 2021 is about cyber security attacks and its increased impact on the contact center world due to the heavy usage of telephonic conversation via VoIP. Cyber-attacks in France have quadrupled over the last year, forcing authorities to strengthen the chain of cyber-defense from end to end. Around 70% of business decision makers are today more than concerned about the high cyber security risk their businesses are facing. Who are the target of these attacks? What is the amount of damage done by these attacks? What measures need to be undertaken to stay “safe” from these attacks?  Let’s dive into the world of cyber security and see how it can impact your contact center. Businesses today focused on quickly adapting to latest trends that a lot of business owners overlooked the simple aspect of VoIP security in regards to data breach until a point of no return. Major companies like Target, who saw their consumer perception drop by roughly 54% a year after their infamous 2013 data breach, have trouble recovering. So, while some major retailers and well-known brands can recover from a data breach, your business probably won’t be so lucky.  VoIP Security and Encryption  VoIP phone are more secure than normal landlines due to the simple fact that it has analytics and monitoring capabilities unlike normal landlines, who are more expensive in regards to maintenance cost and implementation. Encrypted conversation contain unreadable clutters broken into voice packets that are transmitted from one point to another, thus preventing them to be deciphered by hackers. Even in case of interception, encryption ensures that hackers won’t be able to decipher messages within the conversations. For a safe transfer to occur SRPT (Secure Real Time Transport Protocol) is used. It contains AES (Advanced Encryption Standard) to data packets while providing message authentication and offers additional security against potential replay. On top of SRPT, VoIP solutions needs to be encrypted with Transport Layer Security to protect data like phone numbers, caller names and other details. It also refrains message tampering and call eavesdropping. Both TLS and AES are necessary if are seeking end to end encryption. Servers, ISPs, hackers, and telecom providers won’t be able to access your communication, as long as its end-to-end encrypted.  Here are a few common VoIP security risks along with security measures in order to stop business damage :   1.Packet Sniffing and Black Hole Attacks :  Packet Sniffing is one of the most common attacks faced by contact centers (small or medium sized ones), which allows hackers to tap into unencrypted information contained in voice data packets while being in transit from one point to another.  Packets Loss occurs when voice data does not reach their destination. Packets sniffers look to steal information via a packet drop attack (also known as black hole attack). Packets are intentionally inserted into your data streams and they overtake your router thus resulting in a slow connection or a loss of  connection. Using a VoIP VPN helps make your internet lines more secure. End to end encryption is also another way of securing your VoIP lines. These may take some time to put in place however it ensures protection against suspicious logins, unrecognized devices and more through a constant network monitoring.  2. DDoS Attacks  : DDoS (Distributed Denial of Service) attacks on the other hand occurs when servers are intentionally overwhelmed thus making businesses unable to use their own VoIP. The use of botnets (manipulated remotely controlled bots created by hackers) are the main cause of DDoS. The modus operandi is very simple: Flood all channels of communications (website, servers and networks) with so much data and request that they can handle causing a sort of overload to render VoIP inoperable.  Common signs are:  Unexpected and lengthened bandwidth spikes  503 HTTP Error Responses  Slowed Service  Unusual traffic from similar devices, IP addresses and locations.  To diminish DDoS attacks, VLANs (Virtual Local Area Networks) specially designed for VoIP flux is considered the best option to be used here as it makes it easier to recognize unwarranted and bizarre data flows. For users across WAN (Wide Area Network), monitored encryption is the best way to protect your business against DDoS attacks.    3. Vishing : Vishing is the same as Phishing. The only difference here is that the hackers will use voice communication methods to get end user reveal sensitive information like passwords, credit card information, security codes and much more. Hackers use a method called Caller ID spoofing; where your caller ID credentials appear to be legitimate. It can be a call from your local bank stating that your account has been compromised and they would need your password to secure your account.  In depth verification methods needs to be put in place in order to verify all caller ID and phone requests even if it looks like it’s coming from an IT dept. Another tactic that can be used here would be through proper agent training. Agents should be told to not disclose any confidential information unless it has been validated by a supervisor.  Signs of Vishing are:  Short and unusual numbers appearing on call screening caller ID Display.  Startling calls from known or famous companies  Persistent request to provide confidential information for verification purposes.  A false sense of urgency created from the caller.  How to prevent Vishing:  Do not provide confidential information over the phone to anyone that falls under your suspicion radar.  Join a Do Not Call Registry  Don’t respond to voice prompts via voice answers

Read More »