business woman concerned about VoIP security for her business

There are plenty of good reasons to make the move to Voice over Internet Protocol (VoIP) for your business calling needs. Whether you have outgrown the capacity of an old phone system or are simply looking for an affordable solution that will grow with you into the future, VoIP offers cost savings, scalability, and support for all the latest features.

But before you choose among solution providers, it is crucial to look at the level of VoIP security their solutions provide. How do they help to ensure the privacy of your voice communications and the reliability and availability of your VoIP network?

Why is VoIP security so important?

A decade ago, a business’s phone system, copiers, and IT services were all separate. Today, with VoIP and cloud-based applications in the mix, everything sits on a local area network (LAN).

This high level of connectivity is great for business efficiency and provides employees with access to everything they need to be productive. However, it also means sharing data over the Internet, making VoIP security more important than ever before.

In this connected environment, VoIP security helps to:

  • Protect your systems — your phones as well as your data — from unauthorized users
  • Keep personal or sensitive information and communications confidential
  • Provide network redundancy for disaster recovery and reliable access to phones and other business tools

How does VoIP security compare with traditional phone system security?

The reality is, no system is 100% immune to security threats — and that includes old-school premises-based telephone systems.

In the past, people “stole” from phone companies by figuring out how to mimic the tones used to route long distance calls. In the 1980s, the wide use of calling cards opened the door to hackers who figured out card numbers and used them to make calls at other people’s expense.

While today’s traditional premises-based phone systems are proprietary and difficult to hack, they are still subject to issues such as toll fraud. That’s where intruders take over part of a network and use it to route their own phone calls, racking up expensive charges on an unsuspecting victim’s phone bill.

Phone systems using VoIP and Session Initiation Protocol (SIP) can be vulnerable if they do not use encryption or if the business does not have a firewall on its internal (LAN) network. For example, hackers could decipher system passwords to access SIP trunks and use them to place large volumes of calls — often after business hours or on weekends, so the calls go undetected until the monthly bill arrives.

Since VoIP calling uses the Internet, it can be exposed to the same kinds of security threats as computers, such as malware, viruses, denial-of-service attacks, spamming, phishing, ID spoofing, or identity theft.

The good news is, today’s VoIP systems are secure as long as they incorporate some basic but critical security measures.

What are some important VoIP security features?

Before you commit to a VoIP solution, you want to be sure it provides the security, privacy, and disaster recovery protections your business needs. For example, many VoIP providers include fraud monitoring as part of their service, watching the network for any unusual activity and red flags.

Additionally, any system you are considering should support the following VoIP security features.

256K VoIP Encryption

Surprisingly, not all VoIP providers have data encryption. Therefore, it is vital to ask if voice traffic is encrypted to protect conversations and prevent eavesdropping.

Without encryption, a third party could gain access to passwords, user names, and phone numbers, to hijack phone services or obtain account credential or business data.

Those providers who use 256K VoIP encryption are not only ensuring that calls are nearly impossible to break into — they are also protecting the security of other data on the LAN. Other voice encryption technologies that protect call privacy and data integrity include:

  • Transport Layer Security (TLS), which provides a secure channel between the devices of calling parties
  • Secure Real-Time Transport Protocol (SRTP), which adds an extra layer of encryption in each call’s voice stream

VoIP encryption is especially critical for doctors’ offices, hospitals, and other medical facilities that must comply with HIPAA and Sarbanes-Oxley requirements regarding patient privacy. It is also crucial for law firms and any other businesses that commonly deal with confidential calls and information.

It’s important to note that not all VoIP providers are VoIP HIPAA compliant. To learn more about compliance, check out the top 10 questions about VoIP internet phone service.

Dedicated Server

For an extra level of VoIP security, a dedicated private server on your LAN can provide your business with added peace of mind by allowing you to implement your own unique security policies.

For example, the VoIP server can be configured to accept calls only from certain phones or IP addresses or to restrict calls by department, team, or employee. It can even provide added levels of authentication, such as requiring VoIP calling parties to validate each other before a call begins, using technology like speaker recognition.

VoIP Firewall and Session Border Controller

A VoIP phone system benefits from many of the same kinds of network security protections as a computer system that is connected to the Internet.

The addition of a VoIP firewall to your system will act to monitor and control traffic between your internal voice network and the Internet. A firewall used in combination with a session border controller (SBC) serves to distinguish between different types of network traffic, allowing voice calls in while blocking threats.

For example, a dedicated VoIP firewall with an SBC can analyze and manage SIP ports, opening and closing network access as needed to prevent malicious attacks and guard the privacy of the network.

Privacy Policy and Service Level Agreements

You should expect a VoIP provider to put its privacy policy and service level agreements (SLAs) in writing. That way you will know:

  • Exactly what levels of VoIP service and uptime are guaranteed
  • How quickly service will be restored if there is a disruption
  • What actions the provider will take if there is a VoIP security issue
  • What data is stored — such as call logs and user information — where, and for how long
  • Whether the data is shared and with whom

A written privacy policy and SLAs show that a VoIP provider is committed to delivering on its service promises.

How redundant is the VoIP system?

Many VoIP providers offer phone redundancy and disaster recovery as part of their service, often at no extra cost. Some also provide a backup circuit or wireless network that duplicates the primary Internet connection and provides service in the event that the main connection goes down.

In addition, with the ability to “twin” IP phones to users’ mobile phones, calls can still be made from and received on the VoIP system even if the power or Internet is out at your physical location. Or, employees can take their IP phone home, plug it into their Internet connection there, and work as if they were in the office, with access to all the same features and tools.

What’s your first step to VoIP? Get an assessment with a carrier-agnostic expert!

With dozens of VoIP service providers in the New York City metro area, how do you begin to evaluate which one is right for your business?

Working with a carrier-agnostic consultant like SOS will help you get the best recommendations for a VoIP solution, as well as for other office technology needs.

Being carrier agnostic, we can match you with the right VoIP provider based on an in-depth conversation about your specific needs, not just in terms of features and price, but also:

  • Capacity and future-readiness
  • Network reliability and redundancy
  • VoIP security, privacy, and disaster recovery
  • SLAs and support
  • And more

To get started, call today to schedule your free technology assessment.

New call-to-action
SOS Logo