If you are considering a Voice over Internet Protocol (VoIP) solution for your company, you may have some questions regarding VoIP security. VoIP technology faces many of the same vulnerabilities as other Internet traffic, and a few unique ones.
Many consumer VoIP products and solutions do not address security concerns as a high priority. VoIP service providers, however, realize how critical security is to their customers. While their products have vulnerabilities, as do all technology products, business class service providers deal with the security issue much better than freeware or low cost VoIP consumer product vendors do.
Go with a reputable VoIP service provider. Implementing a do-it-yourself, low-cost VoIP solution is asking for security headaches.
Most threats to VoIP solutions are a result of hackers gaining access to a business’s VoIP administration system, usually by finding holes in management software or gateways, to commit crimes such as:
While the list of threats may sound ominous, the cat is usually ahead of the mouse, and many technologies exist to combat these threats.
Firewalls, authentication, and encryption technologies are continually being enhanced to bring VoIP into their folds. VoIP service providers integrate this technology into their hardware and software products, and work quickly to plug holes in their security software.
First, understand how your prospective service provider protects VoIP calls. When you discuss and negotiate terms of service, ask questions such as:
Next, understand that while much of the responsibility for VoIP security lies on the service provider’s shoulders, your business needs to do its part.
Create a security policy as part of your VoIP implementation plan, and engage your service provider as a partner. Ensure the policy addresses items such as access to your VoIP system’s administrative software, installing the latest security upgrades, mobile access, and vulnerability of weak links such as smart phones and gateway connections.
In summary, your VoIP service provider must do its part, and you must do yours. Understand the threats and the technologies to mitigate them. Keep your service provider responsible, do your homework, and implement your security policies with vigor.