Sirelark Divider Graphic
Divider graphic

Cyber Risks & Liabilities: Voice Over Internet Protocol

The allure of Voice over internet Protocol (VoIP) technology—using an internet connection to make phone calls—is dazzling, but don’t get blinded by the novelty. Before adopting VoIP, consider its benefits and risks.

The Technology

VoIP relies on digital technology rather than traditional analogue phone lines. It requires a high-speed broadband connection, but can contact people with a broadband connection or a personal telephone.

Callers can usually access VoIP wherever they have a high-speed internet connection, making the technology more reliable than other services. You can configure VoIP in one of these ways:

  • Dedicated routers let you use your traditional phones to make VoIP calls. You connect the router to the high-speed internet source, then connect your phone to the router. With an appropriate VoIP provider and service plan, dedicated routers require little added software or extra setup. You can use your router to make calls while travelling provided you have high-speed internet access.
  • Adapters plug into your computer, usually through the USB port, and feature a socket where you connect your phone. The call is made through your computer’s internet connection and works for a standard or mobile phone.
  • Softphones are software applications that allow you to place calls directly from your computer. Users can typically talk to other people using the same service for free, with other calls costing a small fee. Softphones require the least bit of investment since most businesses already have most of the necessary components.
  • Dedicated VoIP phones look like regular phones but connect directly to a computer network rather than a phone line. Some have a base separate from the phone that creates the internet connection, while others may simply be a normal-looking phone.

The Benefits

Most businesses already possess a viable internet connection, making them poised to take advantage of VoIP’s many benefits, including the following:

  • Efficient bandwidth use. Compared to regular networks, VoIP is more efficient with bandwidth and equipment use, requiring less to do more.
  • Low transmission costs. Less bandwidth and equipment means each call your employees place will cost less than one made on a normal telephone. Many services even offer free international calls.
  • Consolidated network expenses. Businesses normally have a separate telephone line and computer network, but consolidate these two networks for their VoIP connections, saving on operation costs in the process. Internal calls between employees are much cheaper by using the business’ already existing internet connection.
  • Increased employee productivity. VoIP phone calls allow employees to send data files while talking without being hindered by a lack of mobility. Employees can take advantage of multiple-party calls or video conferencing, which are impossible on a normal phone. They can also access their offices from home via a VoIP connection.
  • Access to more communications devices. Unlike standard phones, VoIP phone calls are not limited to contacting other telephones. Users have more access to other communication devices, broadening businesses’ reach.

The Risks

Although the benefits of VoIP seem poised for long-term sustainability, the technology is not without its flaws. Consider the security risks and quality drawbacks, enumerated below, before committing to VoIP for your business.

  • Less security. Calls over the internet are much less secure than calls over a traditional phone network. This gives rise to several possible security vulnerabilities:
  • Call fraud, where a caller impersonates another user, potentially gaining valuable information or access.
    • Phishing, when a user falls victim to a ruse and voluntarily provides sensitive information to a malicious party.
    • Eavesdropping, where a hacker can listen in real time to a conversation or reconstruct it after the fact.
    • Viruses, which damage your network.
    • Intercepted calls, meaning attackers cannot only listen to a call, they can intercept any data files sent via the VoIP connection.

VoIP can actually render your system vulnerable since more connections mean more pathways for hackers or malicious programs to gain access.

  • More spam. Because VoIP communication is generally cheaper, telemarketers can send more messages, and their messages can be much bigger, requiring more storage on the recipient’s end and potentially interrupting service.
  • Slight delay. There is a small but noticeable delay between a speaker saying something and the listener hearing it.
  • Variable echo. Call quality is worse with VoIP connections—a variable echo can appear, ranging from only annoying to completely distracting and ruining the efficacy of a phone call.
  • Additional upgrades. A VoIP system needs regular software upgrades, called patches, meaning businesses will need to set aside downtime for telephony upgrades, even though many businesses have never established telephony maintenance time before and may find it difficult to schedule.

Top Security Tips

The risks of VoIP need not outweigh the benefits—implementing a stringent security plan when adopting and maintaining a VoIP system can help curtail many of the nascent technology’s risks. Use the following top security tips to keep your system secure:

  • Update software. If your VoIP software provider releases patches for the program you use, install them. They will ensure your program is protected from any known vulnerabilities in the old version.
  • Install and maintain anti-virus software. Wield anti-virus software as a guard against malicious attacks. Hackers continue to develop new attack routes, so keep your anti-virus software up to date.
  • Capitalise on security options. Providers usually offer security options such as free encryption. Take advantage of any available security incentives.
  • Enable a firewall. Firewalls help prevent malicious attacks and virus infections. Your system may already have a firewall that needs to be enabled.
  • Evaluate security settings. Before implementing a VoIP system, assess your security infrastructure and toughen it up based on your findings.
  • Secure and back up personal and financial data. If attackers do gain access to your system, minimise the damage by securing and backing up your data so you still have it after a breach.
  • Create strong passwords. Security starts within your own organisation—apply tough requirements for password creation to deter attackers.
  • Encrypt communications. Use your provider’s encryption services or purchase your own. If your VoIP communication is intercepted without being encrypted, attackers can eavesdrop with little effort.
  • Switch off the VoIP system during inactive periods. Switch off the system during periods of absence such as bank holidays, since frauds tend to take place on Friday nights, giving hackers the weekend to maximise time.
  • Set VoIP spending limits. Contact your service provider to set spending limits, ensuring your business does not pay for fraudulent calls exceeding a certain amount.
  • Establish liability. Ask your provider to amend your service conditions, making the provider liable for fraudulent calls—providers can only say no.
  • Restrict international numbers. Many fraudulent calls are made to places like Asia, Africa and Eastern Europe—restricting calls to these locations can help stop fraud before it happens.
  • Limit the maximum number of concurrent internet connections. Your provider limiting concurrent connections will help you avoid any unnecessary or fraudulent internet activity.
  • Ask your provider to undertake weekly audits. Auditing weekly for open ports which could serve as channels for fraudulent activity helps ensure your security is vigilant and top-notch.

As technology develops, so do the threats. But a proactive approach and the support of the insurance professionals at Sirelark Risk Services can help you stay ahead of the curve and plan for a successful future.

This Cyber Risks & Liabilities document is not intended to be exhaustive nor should any discussion or opinions be construed as legal advice. Readers should contact legal counsel or an insurance professional for appropriate advice. © 2013-15 Zywave, Inc. All rights reserved.

Latest blog posts