Both VoIP and PBX phone systems are susceptible to hacks that can be traced back to simple vulnerabilities that can easily be avoided.
Both of these virtual phone systems run over the internet, which is what exposes them to attack. This is why, after you set up your phone system, you should take a few extra steps to make sure that it is secure too.
You are not only keeping your own business safe by going through some simple security protocols, but you’re also protecting your clients and customers and maintaining their trust by doing everything you can to keep their information safe and secure.
Make sure that you frequently check and update your software to the latest version available. This version will have fewer bugs and weaknesses that can be exploited by hackers than older versions.
Updates sometimes also include patches for major vulnerabilities that other users have identified, so updating spares you from running into them yourself.
As more updates are released, older versions also tend to stop supporting certain elements and features, which can lead to problems with usage and is another reason to make sure you're up to date.
Port forwarding is usually set up for remote access to the PBX system. However, this can increase your chances of being hacked, as it leaves the system more vulnerable.
Instead, you would be better off using a VPN to let remote devices access the network, as it doesn’t require port forwarding.
If port forwarding is necessary:
Disable both international calls and other expensive features that you know you won’t be using. This is more damage control than anything else. Once a hacker does gain access to your system, they will probably use it to make and receive international calls.
If you are using your VoIP business phone system to make international calls, make sure that you block calls to countries you won’t be calling.
Regularly monitoring your call logs can also help to spot unauthorized access. However, hackers don’t tend to attack during business hours. You will often find that this kind of stuff happens either after working hours or during holidays and weekends. In this case, you can set up limits on call minutes (if it’s available with your provider) and push notifications for usage limits to try and prevent a silent attack.
Most providers offer advanced call analytics which will allow you to filter through your calls to easily spot unfamiliar calls.
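The call-log checks described above can be sketched as a short script. This is an added example, not a provider's tool: the CSV column layout, the sample records, the home country code, the allowed prefixes, the business hours and the minute cap are all assumptions made for illustration.

```python
import csv
import io
from datetime import datetime

# Constructed sample call detail records (CDR); the column layout is an assumption.
SAMPLE_CDR = """start,extension,dialed,seconds
2024-03-04 10:15:00,101,+442071234567,300
2024-03-04 14:02:00,102,+15551230000,120
2024-03-09 02:11:00,103,+8821234567,1800
2024-03-09 02:45:00,103,+8821234568,2400
2024-03-05 23:30:00,101,+442079876543,60
"""

HOME_CODE = "+1"                # assumed home country code
ALLOWED_INTL = ("+44",)         # assumed: international prefixes the business calls
BUSINESS_HOURS = range(8, 18)   # 08:00-17:59, Monday to Friday
AFTER_HOURS_LIMIT_MIN = 30      # assumed per-extension after-hours minute cap


def after_hours(ts):
    """True for weekends and for any time outside business hours."""
    return ts.weekday() >= 5 or ts.hour not in BUSINESS_HOURS


def review(cdr_text):
    """Return (alert_type, extension, detail) tuples for suspicious calls."""
    alerts = []
    off_minutes = {}
    for row in csv.DictReader(io.StringIO(cdr_text)):
        ts = datetime.strptime(row["start"], "%Y-%m-%d %H:%M:%S")
        dialed, ext = row["dialed"], row["extension"]
        international = not dialed.startswith(HOME_CODE)
        # Destination the business never calls: should have been blocked.
        if international and not dialed.startswith(ALLOWED_INTL):
            alerts.append(("blocked_destination", ext, dialed))
        if after_hours(ts):
            if international:
                alerts.append(("after_hours_international", ext, dialed))
            off_minutes[ext] = off_minutes.get(ext, 0) + int(row["seconds"]) / 60
    # Usage-limit check: total after-hours minutes per extension.
    for ext, minutes in sorted(off_minutes.items()):
        if minutes > AFTER_HOURS_LIMIT_MIN:
            alerts.append(("after_hours_minutes_exceeded", ext, round(minutes)))
    return alerts


if __name__ == "__main__":
    for alert in review(SAMPLE_CDR):
        print(alert)
```

Run against a real export, the thresholds and prefixes would be replaced with the values that match your own calling patterns.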
NAT is a feature on your router that gives your PBX devices a private IP address only seen on your Local Area Network (LAN) so that hackers can't see it.
Hackers use tools to scan for systems that don't have NAT enabled, which can include making silent calls so that the hacker knows what device you're using.
According to AlertLogic, 65% of hacks are targeted at 3 ports – 20, 80, and 443. You can’t disable all those ports, so we’ll look at what to do with this terrifying statistic.
Port 20 is used to transfer data. Port 80 is used for HTTP connection, and port 443 is the secured HTTPS connection.
While port 80 is notorious as the most dangerous port, the one that should be disabled, it is no worse than other ports, and disabling it would not make your server more secure. The best thing to do is to leave port 80 open but redirect its requests to HTTPS.
Disabling port 80 would mean that you lose out on redirects. When people type HTTP instead of HTTPS and are met with an error page, they will most likely go back to Google instead of trying again with an s. A redirect is much better for the customer. Disabling port 80 also doesn’t stop hackers from interfering with the HTTP page and intercepting traffic from customers who have used HTTP.
Make sure that your port 443 is patched and that you're using a valid SSL certificate to keep things on that side secure too.