Many have been talking about security in relation to leaks of sensitive customer data. Over the past few years, we have seen this type of leak in large companies. With increased monitoring, driven mainly by the arrival of the LGPD (General Law on the Protection of Personal Data), several companies have identified the urgent need to improve their security resources.
Through virtual attacks, hackers can invade systems and collect various usa phone number lists sensitive information about customers. One of the technologies susceptible to this type of attack is VoIP (voice over IP). Regarding a case of virtual attack that occurred in Europe, Chris Krueger, director of operations for Cisco Premier Certified Partner PEI, says "For a few hours one morning, an unauthorized user easily accessed call control on the SIP gateway and generated several thousand dollars in calls to Eastern Europe". This proves the importance of taking advantage of available security resources as a way to prevent data leaks. Check out some of these resources below and improve your company's defense against these types of attacks.
Investigate your VoiP service provider
To assess the security level of your VoIP, you need to check settings such as VLAN, user authentication and encryption, and compliance guidelines such as HIPAA, SOX, PCI. To do this, it is recommended to use resources such as SRTP (Secure Real-Time Transfer Protocol).
Protect your telephony voice systems
To secure voice systems, some important steps are necessary.
Install and update your operating systems regularly. With each new update, features are improved and become more reliable and resistant to attacks.
Configure a firewall and an IPS (intrusion prevention system).
This way, it is possible to track unusual voice activities by monitoring and filtering VoIP traffic, both authorized and unauthorized.
Physically lock down your team's Voice systems
To achieve this, it is recommended to require two-factor authentication, in addition to the use of domain restrictions.
Encrypt voice traffic of confidential calls
"Extra care must be taken to protect data in this type of contact, as it is the most susceptible to attacks. To do this, encryption can be performed according to segment, device or user. This way, it is possible to focus on encrypting more sensitive data traffic, as its indiscriminate use can cause excessive network latency or introduce operational overload. Therefore, encrypt signaling on your Internet gateway with Session Initiation Protocol (SIP) over TLS (Transport Layer Security). In addition, use VPNs for network connections via remote phones.
Establish strict security policies with users
To establish truly effective security, all members who use the company's VoIP system must be aware of the security features and apply them to their equipment. To achieve this, some points are important:
Use strong and complex passwords to access voicemail. In addition, passwords must be changed regularly, with a frequency established by the company's security policies.