How Secure Are Your VoIP Calls?

Updated: January 02, 2007

Sure, VoIP can be fast, cheap and efficient if you can manage the extra demands on your network—but is it secure?

Only as secure as the rest of your IT network. Unlike with the regular landline phone calls, it can be relatively easy to eavesdrop on VoIP calls, redirect them to other parties, or just engage in old-school scams by posing as a creditor or other fraudulent money-seeker. In addition, outsiders can hack into corporate networks and call from, say, New York to Japan on the company's dime. But if your existing IT system is secured, your VoIP system should follow.

There are potential problems with VoIP, but the major ones are much like the problems companies have with telecom today, says Jonathan Zar, secretary and outreach chair for the Voice over IP Security Alliance (VOIPSA) and managing director of Pingalo, Inc. "The biggest issues that we see, and what law enforcement sees, are around fraud and theft. While the other issues like [VoIP] spam are likely to become enforcement problems, the biggest concern for businesspeople should be protection against fraud and theft in all their various forms.

"Some of the most valuable information is exchanged through real-time communications: stock trades, confidential medical discussions and so on. ... The last thing you want is to have some competitors or worse, some criminal, have access to your data."

What to Do About It

Dan York, director of IP technology at Mitel Corp . and VOIPSA's best practices chair, says that compared with consumer VoIP, commercial enterprise VoIP systems are generally pretty secure.

"The enterprise stuff you'd have from Nortel , Alcatel , all the ‘Tels, they generally have secure solutions today, so when you put voice and call control out over the LAN, it has the potential to all be encrypted right off the bat.

"The message in enterprise VoIP is it's all secured, or can be. It's a question to ask your vendor: ‘What do you do to secure things on your LAN?'"

Mark Collier at the blog VoIP Lowdown recommends physical measures like having separate VLANs for voice and data, which allows your business to prioritize voice over data and monitor voice traffic more closely for fraud and eavesdropping. He emphasizes non-physical measures even more, such as firewalls, encryption , digital security certificates, intrusion-detection systems and other software-based measures that are already standard in the world of data security.

Jonathan Zar of Pingalo and VOIPSA recommends that CEOs and CIOs ask themselves a few questions about their overall communications picture. "Do we appreciate across the team the importance of protecting our phone conversations as well as your physical assets and documents? Are we taking all the steps required to protect ourselves from fraud and theft? Could we assure our investors, suppliers, customers, and any regulators in our industry, that we have done our best to protect all our communications?"

Dan York of Mitel and VOIPSA cites five specific factors CEOs should look at:

  • Protecting the voice stream from eavesdropping, a particular worry for financial institutions
  • Ensuring call control—that messages get from Point A to Point B without being modified
  • Securing and authenticating Web interfaces and APIs that monitor traffic
  • Monitoring connections with the legacy landline phone system against toll fraud and other unauthorized use
  • Securing the underlying TCP/IP network against attacks. The more attacks you deal with, the more phone conversation degrades.


Jonathan Zar sees any security problems stemming from VoIP as manageable and worthwhile, considering the opportunity involved.

"You don't reject the opportunity because of the risk; you act to maximize the benefit and minimize the risk."

Featured Research
  • 8 Ways Business Travelers Can Save with VoIP

    Do you or any part of your workforce travel for work, or even telecommute? If that answer is yes, then you should be utilizing mobile VoIP. With VoIP, businesses have been found to save as much as 40% on local calls and a whopping 90% on international calling expenses. more

  • Phone System Showdown

    When it comes time to select your new phone system, one of the biggest questions that you will face is whether to go with the hot, new VoIP system or the steady and secure PBX network. There are pros and cons to each of these phone systems, and before making any purchase we highly suggest that you take the time to download and read our latest guide: Phone System Showdown: VoIP vs. PBX. more

  • Signals Your Company is Ready For Unified Communications

    Efficient and effective business collaboration is essential to company success and as you grow your business, you'll discover all the different communication methods that you NEED to stay connected with partners and customers. Implementing a Unified Communications (UC) system can save your company upwards of $920,000 a year due to increased efficiency amongst company employees. more

  • Phone System Implementation Expectations

    Providers would have you believe that implementing a new phone system is as easy as counting to three. However, while the process may not be difficult, there are steps that need to be taken to ensure that your new VoIP system is installed and implemented smoothly. Luckily, the challenges associated with upgrading your system tend to be fairly predictable. Most businesses run into the same set of problems that many others have faced before them, meaning avoiding or overcoming them is as easy as preparing ahead of time. more

  • Your Phone System and Your Bottom Line

    Businesses have been using phones to drive increases to their bottom lines for almost a century now. Telephony, much like the rest of the business world, has seen drastic changes with the increase in technological advancement. Voice Over Internet Protocol (VoIP), has enabled companies to connect with consumers at levels that have been seen as unheard of before. And trust us when we say this, it is doing wonders for the bottom line. more