How Secure Are Your VoIP Calls?

Updated: January 02, 2007

Sure, VoIP can be fast, cheap and efficient if you can manage the extra demands on your network—but is it secure?

Only as secure as the rest of your IT network. Unlike with the regular landline phone calls, it can be relatively easy to eavesdrop on VoIP calls, redirect them to other parties, or just engage in old-school scams by posing as a creditor or other fraudulent money-seeker. In addition, outsiders can hack into corporate networks and call from, say, New York to Japan on the company's dime. But if your existing IT system is secured, your VoIP system should follow.

There are potential problems with VoIP, but the major ones are much like the problems companies have with telecom today, says Jonathan Zar, secretary and outreach chair for the Voice over IP Security Alliance (VOIPSA) and managing director of Pingalo, Inc. "The biggest issues that we see, and what law enforcement sees, are around fraud and theft. While the other issues like [VoIP] spam are likely to become enforcement problems, the biggest concern for businesspeople should be protection against fraud and theft in all their various forms.

"Some of the most valuable information is exchanged through real-time communications: stock trades, confidential medical discussions and so on. ... The last thing you want is to have some competitors or worse, some criminal, have access to your data."

What to Do About It

Dan York, director of IP technology at Mitel Corp . and VOIPSA's best practices chair, says that compared with consumer VoIP, commercial enterprise VoIP systems are generally pretty secure.

"The enterprise stuff you'd have from Nortel , Alcatel , all the ‘Tels, they generally have secure solutions today, so when you put voice and call control out over the LAN, it has the potential to all be encrypted right off the bat.

"The message in enterprise VoIP is it's all secured, or can be. It's a question to ask your vendor: ‘What do you do to secure things on your LAN?'"

Mark Collier at the blog VoIP Lowdown recommends physical measures like having separate VLANs for voice and data, which allows your business to prioritize voice over data and monitor voice traffic more closely for fraud and eavesdropping. He emphasizes non-physical measures even more, such as firewalls, encryption , digital security certificates, intrusion-detection systems and other software-based measures that are already standard in the world of data security.

Jonathan Zar of Pingalo and VOIPSA recommends that CEOs and CIOs ask themselves a few questions about their overall communications picture. "Do we appreciate across the team the importance of protecting our phone conversations as well as your physical assets and documents? Are we taking all the steps required to protect ourselves from fraud and theft? Could we assure our investors, suppliers, customers, and any regulators in our industry, that we have done our best to protect all our communications?"

Dan York of Mitel and VOIPSA cites five specific factors CEOs should look at:

  • Protecting the voice stream from eavesdropping, a particular worry for financial institutions
  • Ensuring call control—that messages get from Point A to Point B without being modified
  • Securing and authenticating Web interfaces and APIs that monitor traffic
  • Monitoring connections with the legacy landline phone system against toll fraud and other unauthorized use
  • Securing the underlying TCP/IP network against attacks. The more attacks you deal with, the more phone conversation degrades.

Jonathan Zar sees any security problems stemming from VoIP as manageable and worthwhile, considering the opportunity involved.

"You don't reject the opportunity because of the risk; you act to maximize the benefit and minimize the risk."

Featured Research
  • 7 Reasons Your Business Communications Need to be Headed for the Cloud in 2018

    If your business communication systems aren’t already cloud based, making the switch from traditional systems should be a priority for your business in 2018. The advantages of cloud-based systems are numerous and significant. The cost savings are one well-known aspect - but there are many others like mobility, speed, and security to consider as well. more

  • QTS Communications

    QTS Communications is a Colorado company since 1999, delivering highly reliable Unified Communications to small, medium and enterprise businesses. Our business is Communications, and we understand the technologies that make businesses work. more

  • 7 Ways VoIP Helps Your Business Adapt to Change

    A key trait of successful businesses is their ability to quickly adapt to change. Adaptability allows you to take advantage of changing trends and differentiate your business in even crowded markets. As it turns out, one of the simplest ways to become more adaptable is to use VoIP. There are several reasons this is true - including lower costs, increased mobility, and faster decision making. more

  • 8 Ways to Get More From Your VoIP System

    Many businesses adopt VoIP to take advantage of the cost savings without spending enough time reviewing the features and benefits made available by different solutions. If this is true for your business, there’s a good chance you could be getting more from your VoIP system in the form of even lower costs or improved employee productivity. You may even find that your current software offers features that you aren’t taking advantage of! more

  • The Future of Mobile VoIP

    Business communications have changed a lot in the last few years, and the landscape will only continue to change in 2018 and beyond. These changes are important to stay on top of if you want to maintain or grow a competitive advantage. Things like 5G mobile networks and artificial intelligence have the potential to be extremely disruptive. more