• Skip to primary navigation
  • Skip to main content
  • Skip to footer
  • Metals
    • Precious Metals
    • Copper Alloys
      • Bronze & Brass
      • Master Alloys
  • ITAD
    • What is ITAD?
    • IT Inventory Services
    • ITAD Programs
      • Data Center Services
      • On-Site ITAD Services
      • Box Program
      • ITAD Processing Facilities
    • IT Asset Recycling
    • IT Asset Remarketing
    • Secure Data Destruction
      • Secure Data Wiping
      • Shredding and Crushing
      • Degaussing
      • FIREMELT™
    • Reporting
  • Secure Destruction
  • About
    • Why work with Sipi?
    • Certifications
    • Leadership
    • Coverage Map
    • Our Markets
    • Careers
    • ITAD White Papers and Case Studies
    • News
    • Events
  • Blog
  • Contact
    • Locations
  • Español

Sipi

blog

Home / Blog / Watch out for these data security risks when communicating over VOIP

Watch out for these data security risks when communicating over VOIP

62% of businesses in 2018 experienced social engineering hacks, a type of phone scam that masquerades as a genuine call to get valuable information about a given company. 1

As with any device on your network, care should be taken when selecting, installing, and using Voice Over IP (VOIP) phones.  Beyond the basic security protocols you should be using for any device on your network, be sure to use a reputable service provider that has a robust and redundant network.

Since VOIP technology relies on the internet to process calls, it is inherently vulnerable to common attacks.  Further, since these devices require network credentials and access to your network, they can make you company more vulnerable to attack.  The most common threats we find are:

  • Call Tampering
    • Not only will hackers attempt to deny service, but they may also try to disrupt the calls you’re on. They can slow down the network and make call quality unstable.  In some severe cases, they can even listen in.
  • Vishing
    • A form of Phishing where attackers mimic a valid number to trick users into thinking the call is legitimate. They can they gain information that could eventually lead to further security breaches.
  • DDoS
    • A form of call tampering, Distributed Denial of Service attacks are when a network is overwhelmed by data that utilizes all available bandwidth. While this can be disruptive to any network operation, it would be impossible to make or receive VOIP calls during an attack.
  • Malware and Virus
    • As with any system connected to the internet, VOIP phones are susceptible to viruses, malware, and other harmful programs. Once infected, attackers can gain access to the system and other devices on your network.
  • VOMIT
    • Voice over Misconfigured Internet Telephones is a way for hackers to take voice packets and other call information during your calls. They can potentially eavesdrop on the call, learn where the call originated, and harvest other sensitive information.
  • Eavesdropping
    • Once an attacker has access to either the network or device, they may be able to listen in to all calls, gaining access to personal and sensitive information.
  • Spam/Robocalls
    • An attacker could gain access to your system and send voicemails/robocalls to thousands of people each day. With your legitimate identifiers, they pass themselves off as genuine, bypassing typically spam blocking technologies.

70% percent of organizations surveyed by Corero said they experience 20-50 DDoS (distributed denial-of-service) attacks per month.2

Although most of them aren’t successful, the growing problem is that with powerful machines, specialized tools, and much better bandwidth than ever before, cybercriminals can now launch DDoS attacks much faster and cheaper.  This means that companies of all size are at risk.

So what can be done?

As with all your network devices, use a strong and unique password.  While inconvenient, each VOIP device should have its own username and password.  If available, using Multi-Factor Authentication (MFA) will protect you even further.

Perform system updates regularly.  Just like there are patches available for your workstations and servers, most VOIP devices require system updates from the manufacturer or service provider.  These should be applied regularly to all VOIP devices on your network.  While these updates often require a reboot, keeping up to date will minimize your risk.

Monitor call logs for suspicious patterns or anything out of the ordinary.  Calls made outside working hours or to overseas locations may be the first signs of a breach.

Require VPN connectivity for remote users.  Insecure WiFi is a threat to any device on the network, and VOIP devices are no exception.  While it may be easy to connect to any available network, company policy and best practice should require a secure connection every time.

Select a reputable service provider that offers call encryption, network redundancy, and support.

VOIP Blog Image

Overall, VOIP devices are safe and efficient communication tools, as long as they are configured properly, updated regularly, and on a secure network.

As you make changes to your VOIP network or decide to replace or update your VOIP devices, we recommend contacting an IT Asset Disposition (ITAD) specialist for proper disposal

As mentioned earlier, these devices have network access and credentials.  They may also store contact information for clients and other users.  Care should be taken to ensure they are properly wiped so your information isn’t inadvertently accessible to others or used maliciously after you’ve discarded the equipment.  Your ITAD specialist will ensure that all stored network information, credentials, and call logging information is securely destroyed.

1 15 Alarming Cyber Security Facts and Stats | Cybint (cybintsolutions.com)

2 DDoS Attack Statistics, Facts and Trends for 2018-2022 (comparitech.com)

OTHER ARTICLES IN THIS BLOG SERIES

How to Mitigate the Data Security Risks of Wi-Fi Access Points

on 08 March 2022,

How to Mitigate the Data Security Risks of Wi-Fi Access Points

on 08 March 2022,

Sending Sensitive Documents To Your Printer Is Risky Business

on 08 April 2022,

Sending Sensitive Documents To Your Printer Is Risky Business

on 08 April 2022,

Don’t be lulled into a false sense of security, Chromebooks are not invulnerable to an attack

on 06 May 2022,

Don’t be lulled into a false sense of security, Chromebooks are not invulnerable to an attack

on 06 May 2022,

Watch out for these data security risks when communicating over VOIP

on 14 June 2022,

Watch out for these data security risks when communicating over VOIP

on 14 June 2022,

PDUs Are A Gateway For Both Physical And Digital Intrusions

on 30 June 2022,

PDUs Are A Gateway For Both Physical And Digital Intrusions

on 30 June 2022,

The Security Risks of Windows Laptops

on 16 August 2022,

The Security Risks of Windows Laptops

on 16 August 2022,

How can Sipi help you? We’re ready to listen

Footer

Sipi Metals Corp.
1720 N. Elston Avenue
Chicago, Illinois 60642-1579
(800) 621-8013
(773) 276-0070
sales@sipi-metals.com
hr@sipi-metals.com for Recruiting, Legal
or Human Resource Questions

Sipi Asset Recovery
1300 W.N. Thorndale Avenue
Elk Grove Village, Illinois 60007
(847) 750-9350
sales@sipiAR.com

    

© 2022 SIPI METALS CORP  /  PRIVACY POLICY

HOME

ABOUT

CERTIFICATIONS

RESOURCES

COMMUNITY

CAREERS

CONTACT US

PRECIOUS METALS

COPPER ALLOYS

IT ASSET DISPOSITION

SECURE DESTRUCTION

NEWS

ITAD BLOG

COMPANY HISTORY

Sipi Corp Logo

  • Español

CONTACT US

"*" indicates required fields

Name*
Sipi Asset Recovery values your trust - data security is in the heart of what we do. By clicking below, you are providing consent for Sipi to securely store your data so we can respond to your request. For more information on how we protect your data, see our Privacy Policy. We look forward to getting in touch!
Sipi Asset Recovery values your trust - data security is in the heart of what we do. By clicking below, you are providing consent for Sipi to securely store your data so we can respond to your request. For more information on how we protect your data, see our Privacy Policy. We look forward to getting in touch!
This field is for validation purposes and should be left unchanged.

"*" indicates required fields

Name*
Hidden
GDPR Agreement*
This field is for validation purposes and should be left unchanged.

"*" indicates required fields

Name*
GDPR Agreement*
This field is for validation purposes and should be left unchanged.

"*" indicates required fields

Name*
Hidden
GDPR Agreement*
This field is for validation purposes and should be left unchanged.