Page 42 - Cyber Warnings
P. 42
Is your desktop telephone secure?
IT security should include Telephony security
by Wim Brouwer, Product Manager, RSconnect
Protecting sensitive and personal data is a key priority today at many organizations worldwide.
This focus is stimulated by the many examples of cyber crime, often with serious impact for the
companies involved. Also, many organizations work hard to implement new data privacy laws.
An example is the European General Data Protection Regulation (GDPR). This set of data
privacy rules has been approved by the European Parliament in 2016 and has to be
implemented by companies in all EU member states in 2018. So, IT security experts make long
days to help their customers to implement the appropriate data protection measures.
However, data is not just ..data
Since we are talking about IT and data security, the focus typically is on the IT infrastructure and
services. Either implemented on premise or used from a cloud service provider. All attention is
on issues like computer access, data encryption etc. Which sounds reasonable, since we are
talking about data protection, aren’t we?
Data protection also involves telephony and voice!
Given the serious threats delivered to us via computer software and data infrastructures, we
tend to develop a blind spot for our telephones. Perhaps not so much for our smartphones since
we are aware that they have similar capabilities as our computers. But we do have this blind
spot for fixed line telephones. Although they have become technically advanced devices as well,
we often consider them as basic equipment. You can use them to make a voice call and that is
it.
Nevertheless, as I will illustrate in a few examples, there are serious security risks which make it
worthwhile to review the security aspects of your enterprise telephony system.
Risks at the back-end of your Unified Communications and VoIP systems
The risks which are most comparable to the ‘well-known’ IT security risks are hackers attempts
to access the ‘back-end’ of enterprise telephony systems. When someone gets unauthorized
access to centralized PBX or call manager servers, there are numerous security breaches
which we can think of. It is for example possible to access voice mail systems. It is possible to
use the system for toll fraud scenario’s and it is possible to launch Telephony Denial of Service
Attacks. Just to mention a few examples.
Don’t ignore the front-end risks of your Telephone system
42 Cyber Warnings E-Magazine – July 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
