We hear more and more frequently that a given company has received a telephone bill which cost is up in the clouds. And despite that not all those phone calls were effectively made, the company must pay the full bill to continue enjoying of the service. Are these isolated facts? Is this a trend? Is technology unsafe?… Like any issue we face in our professional activity, multiple reasons may be found as giving rise to this event. Analysis is not always simple, impact may be significant, and even worse we may find out that the solution could have been at hand and very simple.
We know of the daily efforts of an IT team in their attempt to keep expenses under control. An event of this nature, occurred only during a weekend could throw overboard months of work.
Is technology unsafe?
If we think about history of Telecommunications, the corporate voice service has been part of that history from its very beginning, following technological evolutions and revolutions, and with a never-questioned security level.
The possibility of using other people’s or companies’ Voice service has always been there. As simple as “tapping” a neighbor’s analog line, wiring a parallel telephone and using it when the line’s owner is not using the phone. But these are isolated cases. The number of calls achieved through these methods is finite, and the economic damage resulting thereof is consequently limited.
Any company with a PBX – (Private Branch Exchange) faces similar risks; an external dialing rule configuration mistake; a redialing-enabled voice message system; a user who has not changed his/her password; and an unconditional call forwarding, all of the aforementioned circumstances may jeopardize companies and expose them to telephone fraud.
And what can we tell about VoIP? Listening to packages is certainly not a widely spread ability. Not everyone is capable to perform a technological attack on an IP PBX. But if a company uses VoIP or an IP PBX, it is certainly because they appreciate the business opportunity and service convergence that internet access brings to their operation. Unfortunately this opens a new risk, a whole universe of lurking IT hackers, a clandestine and highly profitable business looking out for weaknesses and security gaps.
The future of our companies relies on communications, as well as on the adjustment and smart implementation of new technologies available for the business.
These events suggest that we must be on the alert, creating policies, checking compliance and continuously monitoring what is going on in our communications system.
What can we do to protect ourselves?
We would like to share some tips that although obvious could in practice be the main grounds of telephone fraud –however this paper is not meant to determine the reason for the event or security gap, i.e. if there was intention or not to cause damage -:
- Do not choose the Head of your Voice Communications System Management based only on the cost. The main reason of fraud is an inappropriate programming. The manager may be your main ally or your main enemy at the time of preventing fraud. A telephone fraud may exceed that cost by several folds.
- Avoid configuring functionalities that enable outbound calls (from your communications system) to the Public Network as from inbound calls. For example, DISA functionalities, redialing from voice boxes, unrestricted call forwarding, just to mention a few functionalities usually enabled without control or monitoring.
- Design and share with your employees clear policies regarding voice service use in your company. Get support from the know-how and expertise of your Systems Manager.
- Conduct a proactive monitoring to comply with these policies, and use of your communications systems.
Level 3’s Voice Solutions service portfolio tackles this issue by following simple rules for their customers: a thorough selection of the Management Heads for the voice platforms; drafting of policies and best practices; continuous monitoring of voice services use; early detection of abuse or fraud events; and predefined action implementation. Though this is something we will address on a next issue.
Awareness and daily implementation of these simple rules are critical for the daily operation of our voice communications systems.
Please do not hesitate to contact us if you need immediate support regarding this topic.
Until our next issue.