Recent press reports have featured high-profile organisations being the victims of cyber fraud. Here at Glemnet we take cyber fraud very seriously and want to highlight to our customers that all technology can be ‘hacked’, including your telephone system, and that every organisation has a duty to take responsibility for its site security.

To help you combat the threat, we’ve shared here the Golden Rules as advised by Ofcom and the FCS (Federation of Communication Services) in the fight against our cyber enemies. Ofcom takes the view that in the first instance it is the responsibility of users to protect themselves against fraud (in the same way that you lock your doors and windows to protect against burglars). Whilst there is never a 100% guarantee of security, by following these steps you are doing everything you can to help protect your company:

CUSTOMER CHECK LIST 

(a senior manager should be aware of these safeguards and ensure staff follow them as relevant)

  • Remove all default password settings when deploying the PBX and limit access to any maintenance ports.
  • Passwords and access codes should be changed regularly and, if possible, be alphanumeric and as long as the system allows. Avoid 000, 1234 and PINs that match the extension number.
  • Delete/change passwords for ex-employees.
  • Consider limiting call types by extension: if an extension user has no requirement to ring international/premium-rate numbers, then bar access to these call types.
  • DISA (Direct Inwards System Access) is typically used to allow employees to dial in from home and make outbound calls (usually high-value call types, i.e. mobile, international, etc.) via the company PABX. Your CP has deactivated this; if reactivated, it should be closely controlled.
  • Secure the system physically: site it in a secure comms room and restrict access to that area.
  • Carry out regular reviews of calls, including analysis of billed calls by originating extension, to identify irregular usage and unexpected traffic.
  • Ensure you fully understand your system’s functionality and capabilities and restrict access to those services which you do not use.
  • Mailboxes – block access to unallocated mailboxes on the system and change the default PIN on unused mailboxes.
  • Be vigilant for evidence of hacking – an inability to get an outbound line is usually a good indicator of high volumes of traffic through your system. Check for calls outside business hours.
  • Assess the security of all PBX peripherals/applications: platform, operating system, password and permissions scheme. Carefully evaluate the security of any onboard remote management utility (e.g. pcAnywhere) for possible holes.
  • Check firewall logs weekly.
  • If relevant, set an access PIN on smartphones that will use VoIP.
  • Limit VoIP registrations to the office network.
  • For SIP systems, set credit limits per phone per day.
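
The call review and out-of-hours check from the list above can be run as a short script over a call log export. This is an added example, not code from Glemnet, Ofcom or the FCS; the CSV layout, the sample records and the Mon-Fri 08:00-18:00 business hours are assumptions to adapt to your own system.

```python
import csv
from collections import defaultdict
from datetime import datetime
from io import StringIO

# Constructed sample call records; a real PBX or billing export will differ.
SAMPLE_CDR = """start,extension,dialled,seconds
2024-03-04 10:15:00,201,02079460000,180
2024-03-04 14:02:00,202,0033140000000,240
2024-03-05 02:11:00,203,0099912345678,3600
2024-03-05 02:40:00,203,0099912345678,3400
2024-03-05 03:05:00,203,09011234567,1200
2024-03-09 11:30:00,204,02079460001,60
"""

# Assumed policy: business hours are Monday to Friday, 08:00-18:00.
OPEN_HOUR, CLOSE_HOUR = 8, 18
# UK dialling prefixes: 00 = international, 09 = premium rate.
HIGH_VALUE_PREFIXES = {"00": "international", "09": "premium-rate"}

def call_type(dialled):
    """Return the high-value call type for a dialled number, or None."""
    for prefix, label in HIGH_VALUE_PREFIXES.items():
        if dialled.startswith(prefix):
            return label
    return None

def out_of_hours(start):
    """True for weekend calls and calls outside the assumed opening hours."""
    return start.weekday() >= 5 or not (OPEN_HOUR <= start.hour < CLOSE_HOUR)

def review_calls(cdr_text):
    """Total usage per originating extension; return those with flagged calls."""
    report = defaultdict(lambda: {"calls": 0, "seconds": 0, "flags": []})
    for row in csv.DictReader(StringIO(cdr_text)):
        start = datetime.strptime(row["start"], "%Y-%m-%d %H:%M:%S")
        reasons = ["out-of-hours"] if out_of_hours(start) else []
        if call_type(row["dialled"]):
            reasons.append(call_type(row["dialled"]))
        entry = report[row["extension"]]
        entry["calls"] += 1
        entry["seconds"] += int(row["seconds"])
        if reasons:
            entry["flags"].append((row["start"], row["dialled"], reasons))
    return {ext: e for ext, e in report.items() if e["flags"]}

if __name__ == "__main__":
    for ext, e in sorted(review_calls(SAMPLE_CDR).items()):
        print(f"ext {ext}: {e['calls']} calls, {e['seconds']}s")
        for when, number, reasons in e["flags"]:
            print(f"  {when} -> {number}: {', '.join(reasons)}")
```

An extension that shows long international or premium-rate calls in the early hours, like 203 in the sample, is the pattern to escalate to your provider.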

For further information on Cyber Security, visit https://www.cyberstreetwise.com.

And of course, if you have any questions regarding the above, please do contact a member of our support team, who’ll be able to talk you through anything. Our number is 0208 639 0230.

Let’s be one step ahead of the game and beat the Cyber Fraudsters!

 

*For more information on our policy re fraud and our customers, please see item 14.5 of our terms and conditions.