Cyber security is no longer an optional extra – it’s a necessity
Almost every day we see headlines in the newspaper that emphasise the importance of protecting your business, and the dangers associated with failing to heed these warnings. It was only a matter of days ago that we heard about the devastating Dixons Carphone data breach, which involved 5.9 million card payments and the personal data records of 1.9 million people. This was a typical example of the financial and reputational damage that can be caused through cyber security negligence. Indeed, cyber crime is set to cost businesses around $6 trillion globally by 2021.
While many believe that cyber attacks are targeted primarily at holes in systems and personal data, the truth is that telecoms systems are just as vulnerable as anything else. In the same way that businesses use anti-virus software and firewalls to protect their systems, it’s imperative that secure encryption is a part of any business telecoms set-up.
Why is encryption necessary?
Telephony is an integral part of any business. It’s essential for effective communications and be used for all manner of different reasons, whether it’s an informal chat or a confidential discussion. But it is now just as susceptible to being hacked as the rest of an organisation’s IT infrastructure.
This hasn’t always been the case. Traditionally, businesses relied on ISDN for their telephony services – a traditional method that allows both voice and data services to be delivered simultaneously over digital lines – and is an incredibly secure telephony method that leaves very little room for hackers to exploit it.
However, it is also a slow and outdated technology, and so it is being quickly replaced by more modern alternatives. BT is planning to switch off ISDN entirely by 2025, with all businesses having to move onto an IP-based network instead. This means that, slowly but surely, ISDN will become obsolete, while engineers will have to re-train to use alternative technologies.
The problem with IP
Unfortunately, despite the agility and flexibility afforded by IP, it also carries increased security risks when used for VoIP.
Part of this lies in our own innate comfort and familiarity with IP-based communications. When we send an email to a work colleague or chat to a family member using a VoIP service like Skype, the vast majority of us are thinking solely about what it is we are saying, or what it is we are listening to or reading. We rarely think about how this information is being transmitted to the other party, and how easy it might be for someone to intercept these communications.
The truth is, every communication made over IP – including voice – is nothing more than a data packet. These packets could be small or large, and they could contain publicly available information or highly sensitive information. But one thing is certain: all packets are valuable to hackers. Therefore, all packets need to be protected with the same level of detail and attention as businesses invest into wider security-related issues.
It’s also worth considering the intentions of the hackers themselves. While their primary motive tends to be financial gain – with confidential information and data being sold for profit on the dark web or elsewhere – there are other reasons at play. Some might be looking to inflict maximum damage on a business for a certain reason, while others might simply choose to embarrass an organisation just because they can.
The importance of data security is heightened further through the recent enforcement of the General Data Protection Regulation (GDPR). This has forced businesses to think more seriously than ever about how they are protecting any personally identifiable data they have on file. Its arrival also means there’s no better time for businesses to adopt a self-policing policy that allows them to deal far more effectively with any data-related issues, before they become too large to handle.
Peace of mind
For businesses looking to swerve these IP-related issues and ensure all their future VoIP efforts are safe and secure, encryption is the ideal solution. Essentially, it adds an extra layer of defence to your telecoms system, making it harder for nefarious individuals to access the data packets that are being transported across the IP network. With new regulations like the General Data Protection Regulation (GDPR) and the Payment Card Industry Data Security Standard (PCI-DSS), this has never been more crucial.
Depending on the level of encryption itself, organisations can defend themselves against toll fraud. This is an emerging form of cyber attack that involves hackers accessing a telephony system and using it to ring premium rate numbers, leaving the businesses themselves with huge phone bills to deal with. Proper encryption can hide the phone systems from hackers and make it far more difficult for them to carry out their plan.
The benefits of IP-based telephony over ISDN cannot be denied. It’s quick, it’s simple and it allows businesses to operate via a unified IT infrastructure. But it also carries numerous risks that all businesses should take heed of.
However, by embracing encryption, organisations can operate with the same level of reassurance that they enjoyed in the ISDN days. Through awareness, education and action, we can all take the right steps to avoid being unknowingly caught out by hackers looking for new avenues to attack.
About the Author
Nick Claxson is Founder and MD at. Comtec. With over 23 years specialist IT experience, Comtec offers a winning blend of innovation, ingenuity and knowledge to drive successful IT implementations and ongoing customer success