Hanging onto an aging phone system to avoid the costs of an upgrade creates significant business risk — and dropped calls or choppy connections might not be the worst that can happen.
In addition to maintenance and functionality issues, outdated business phone systems compromise security. When vendors stop providing patches, updates and bug fixes, systems become exposed to a range of vulnerabilities that criminals can exploit to steal customer credentials, sensitive data and intellectual property.
Unsecured PBX systems are particularly inviting — and surprisingly easy — targets. Vendors typically ship PBXs with default passwords, many of which can be found in online user manuals. Hackers can easily gain unauthorized access if organizations don’t change the passwords. They can then conduct a variety of fraudulent activities that can cost unsuspecting companies hundreds of thousands of dollars. According to research by the Communications Fraud Control Association (CFCA), PBX hacking costs businesses worldwide nearly $2 billion a year.
Ringing Up Fraudulent Charges
PBX hacks are frequently used to launch a type of toll fraud known as international revenue share fraud (IRSF). These schemes leverage Premium Rate Numbers (PRNs) such as the 1-900 numbers used for adult chat lines or psychic readings that charge callers more than $1 per minute. After hacking a PBX system, criminals can use high-speed computers to send hundreds of calls per minute to premium numbers. Then they split the take with PRN providers.
In one widely publicized example of IRSF, a small architectural company in Georgia received a phone bill for $166,000 — equivalent to about 35 years’ worth of phone usage based on the firm’s typical $400 monthly bill for four analog phone lines. Company representatives quickly realized all the charges accrued during a single weekend when nobody was in the office. Hackers had broken into the company’s PBX and initiated numerous long-distance calls to PRNs in Gambia, Somalia and the Maldives.
Getting these fraudulent charges removed isn’t always easy, either. Phone carriers won’t always waive these charges, and companies have been known to rack up hefty legal expenses trying to settle with their providers.
Older phone systems are vulnerable to many other types of attacks as well. Misconfigurations, open network ports and unprotected Direct Inward Dial (DID) accounts create openings for hackers and fraudsters to create back doors into critical assets such as customer databases and business applications. In some cases, attackers set up their own extensions and use the phone system for spam and robocalls.
Upgrading Security
Upgrading to modern unified communications systems can alleviate the risk, cost and stress of such vulnerabilities. New systems will have an array of built-in security features such as TLS encryption, two-factor authentication, virtual private networking and content filters. Additionally, they are eligible for regular software updates, security patches and bug fixes.
A service provider with a deep understanding of IP communications and the threats to those systems can further boost security. Providers can conduct network assessments to identify any existing vulnerabilities or potential risks and ensure the proper implementation and configuration of firewalls and session border controllers that help ensure the secure flow of voice and data traffic. Providers can also track and monitor call volume for indicators of fraudulent activity.
It’s well understood that older phones are susceptible to maintenance and operational problems. However, few organizations fully realize the security ramifications of aging and unsupported systems. The IP communications experts at Cerium Networks can help you evaluate and implement new, feature-rich solutions that help your organization become more efficient, productive and secure. Contact us to set up a consultation.
Outdated business phones increase your exposure to a variety of cyberattacks. Cerium Networks’ communication specialists can evaluate, implement and manage a new system that can minimize risk while also improving efficiency and productivity.
