Image of lock which repesents security for business phone systems.

Business Phone Systems – Security Best Practice

If your business phone system is not managed properly and system security is weak, it could be vulnerable to hacking. Historically, there is a high risk of PBX fraud as a result of hacking attempts on business phone systems during holiday periods. This is due to business premises being left empty for longer than usual, coupled with a lack of, or minimal system usage monitoring. With global telecoms fraud costing businesses up to £29bn a year, don’t get caught out. For peace of mind, follow some simple steps to secure your business phone systems.

The Columbus approach

Whether it is unauthorised calls being made from within the workforce, malicious disruption or organised crime, Columbus make it easy to apply rigorous barriers to help limit exposure to fraud by pro-actively monitoring spend. If you use the Columbus hosted business phone system called Horizon or use the Columbus SIP Trunk service you can apply spend limits against accounts. The service is free of charge and gives you the peace of mind that fraudulent activity will be picked up before any suspicious spend exceeds the threshold limit. With our free fraud management service you can pre-set individual call limits and set-up automatic call barring and alerts if thresholds are breached.

For traditional business phone systems you should also consider the following Columbus best practice guidelines to secure your system:

  1. Remove all default password settings and limit access to any maintenance ports.
  2. Change Passwords and access codes regularly and create longer passwords using both alphanumeric combinations. Avoid 000, 1234 and extension numbers.
  3. Consider limiting or barring call types by extension – if a user has no requirement to ring international/premium rate numbers then bar access to them.
  4. Review any DISA (Direct Inwards System Access) settings and control/deactivate. This is typically used to allow employees to dial in remotely and make outbound calls (usually high value call types such as mobile and international calls) via the company business phone system.
  5. Secure the system physically – site it in a secure communications room and restrict access to this area.
  6. Schedule regular call usage reviews. Analyse calls by originating extension and identify irregular usage patterns.
  7. Ensure you fully understand your business phone system’s functionality and restrict access to services which you do not currently use or need.
  8. Block access to unallocated mailboxes on the system and change the default PIN on unused mail boxes.
  9. Be aware of evidence of hacking. Not being able to obtain an outbound line is usually a good indicator of high volumes of traffic going through your system at any given time. Check for calls outside of business hours for example.
  10. Assess security of all PBX peripherals and applications: platform, operating system, password and permissions. Evaluate the security of any on-board remote management utilities you may use such as PC Anywhere etc.

If you require additional advice please contact us on 0333 240 7755 or use the contact form.