How to protect your business voice system from hacking

PBX systems are susceptible to cyberattacks. Here are three strategies for protecting your business voice system against hacking attempts.

Australian businesses must be aware of an overlooked entry point for cybercriminals: their business voice system. These are tantalising targets. Attacks on phone systems are netting massive hauls for malicious actors – US$7.46 billion combined for both PBX and IP PBX hacking, according to a 2015 survey by the Communications Fraud Control Association.


A PBX (private branch exchange) – the device used for managing phone lines shared by multiple users within an organisation – offers attackers several ways of defrauding a company for thousands and thousands of dollars. One of the most common tactics is to take control of the system and place a large volume of calls to premium pay-per-minute phone numbers owned by the attacker.

Hackers can also attack a PBX through a dedicated denial of service (DDoS) attack – or even hijack a PBX into being an unwitting participant in such an attack on another party. Cybercriminals use DDoS attacks to shut businesses out of key systems, whether to extort money in ransom or to simply damage the organisation by disrupting operations.


Fortunately, there are several steps Australian organisations can take to protect their business voice system from hacking. Let’s look at three key tactics.


1. You’ve got to hide your PBX away


Hackers are opportunists. They will pounce on easy targets, no matter how big or small. Running a SIP solution over a private network keeps your PBX quarantined from the public internet, meaning hackers simply won’t even be able to detect it, much less access it.


Running a SIP solution over a private network keeps your PBX quarantined from the public internet.

2. Use a managed firewall


Having a managed firewall in place is one of the best ways to guard against DDoS attacks. With continuous monitoring over traffic coming in or out of a PBX, businesses gain a greater perspective on unexpected and suspicious increases in people dialing into or from the PBX.


3. Change your default PIN


This strategy is the ‘turn it off and on again’ of business voice security – it may sound like the simplest technique, but it really does work. Far too many organisations end up keeping the default PIN or password that came standard with their phone system. One of the first things a cyberattacker will try when attempting to access a PBX is run through the standard default PINs, such as 0-0-0-0 or 1-2-3-4. Even if a manufacturer-supplied PIN is longer or more complicated, hackers could find it with a simple online search.


Your provider is the last pillar of a strong and secure business voice system. At Telarus, our team has a wealth of experience with network security, data and IP telephony solutions. Contact us today or watch our video about SIP trunking to learn more.


Related Stories