How Secure Are Your VoIP Calls?

Updated: January 02, 2007

Sure, VoIP can be fast, cheap and efficient if you can manage the extra demands on your network—but is it secure?

Only as secure as the rest of your IT network. Unlike with the regular landline phone calls, it can be relatively easy to eavesdrop on VoIP calls, redirect them to other parties, or just engage in old-school scams by posing as a creditor or other fraudulent money-seeker. In addition, outsiders can hack into corporate networks and call from, say, New York to Japan on the company's dime. But if your existing IT system is secured, your VoIP system should follow.

There are potential problems with VoIP, but the major ones are much like the problems companies have with telecom today, says Jonathan Zar, secretary and outreach chair for the Voice over IP Security Alliance (VOIPSA) and managing director of Pingalo, Inc. "The biggest issues that we see, and what law enforcement sees, are around fraud and theft. While the other issues like [VoIP] spam are likely to become enforcement problems, the biggest concern for businesspeople should be protection against fraud and theft in all their various forms.

"Some of the most valuable information is exchanged through real-time communications: stock trades, confidential medical discussions and so on. ... The last thing you want is to have some competitors or worse, some criminal, have access to your data."

What to Do About It

Dan York, director of IP technology at Mitel Corp . and VOIPSA's best practices chair, says that compared with consumer VoIP, commercial enterprise VoIP systems are generally pretty secure.

"The enterprise stuff you'd have from Nortel , Alcatel , all the ‘Tels, they generally have secure solutions today, so when you put voice and call control out over the LAN, it has the potential to all be encrypted right off the bat.

"The message in enterprise VoIP is it's all secured, or can be. It's a question to ask your vendor: ‘What do you do to secure things on your LAN?'"

Mark Collier at the blog VoIP Lowdown recommends physical measures like having separate VLANs for voice and data, which allows your business to prioritize voice over data and monitor voice traffic more closely for fraud and eavesdropping. He emphasizes non-physical measures even more, such as firewalls, encryption , digital security certificates, intrusion-detection systems and other software-based measures that are already standard in the world of data security.

Jonathan Zar of Pingalo and VOIPSA recommends that CEOs and CIOs ask themselves a few questions about their overall communications picture. "Do we appreciate across the team the importance of protecting our phone conversations as well as your physical assets and documents? Are we taking all the steps required to protect ourselves from fraud and theft? Could we assure our investors, suppliers, customers, and any regulators in our industry, that we have done our best to protect all our communications?"

Dan York of Mitel and VOIPSA cites five specific factors CEOs should look at:

  • Protecting the voice stream from eavesdropping, a particular worry for financial institutions
  • Ensuring call control—that messages get from Point A to Point B without being modified
  • Securing and authenticating Web interfaces and APIs that monitor traffic
  • Monitoring connections with the legacy landline phone system against toll fraud and other unauthorized use
  • Securing the underlying TCP/IP network against attacks. The more attacks you deal with, the more phone conversation degrades.


Jonathan Zar sees any security problems stemming from VoIP as manageable and worthwhile, considering the opportunity involved.

"You don't reject the opportunity because of the risk; you act to maximize the benefit and minimize the risk."

Featured Research
  • 7 Ways the Wrong Phone System Can Haunt Your Business

    The wrong phone system could be haunting your business - and we’re talking about problems more serious than ghosts and ghouls. From increased costs to issues with scaling, we’ve identified seven important ways that a less than ideal phone system could be holding you back. You’ll be surprised at how much of a difference this can make to your bottom line too. more

  • Ditch Your Fax Servers

    An in-house fax server gives an IT department centralized management and monitoring over the entire enterprise's faxing. This can help your company track usage and better maintain records for auditing and record keeping. However, there are serious drawbacks that come with utilizing an in-house fax server solution and these range from security to cost-prohibitive pricing. more

  • The IT Manager's Survival Guide

    As an IT manager, maintaining physical fax servers and infrastructure is not a high priority. However, fax capability remains a business need simply because chances are your industry is dependent on its security. What if there was a way to reduce the amount of time spent handling fax complaints and maintaining physical servers? And this way took into account security, cost savings, and freed up your IT resources. Would you be interested? more

  • VoIP: Your New Secret Weapon for a Strong Year End

    As the end of 2017 nears, you may be feeling pressure to make sure you close the year out strong.If you’ve been sitting on the fence regarding VoIP, this may be the perfect time to switch. VoIP options had never been better or more full-featured than they are now, and it may be just the thing your business needs to see a productivity and profitability boost. more

  • Is Your Phone System Stealing Profits?

    Having the wrong phone system can dramatically cut into your profits. Despite this, many businesses just sign up for a plan or platform that seems ‘good enough’. If you haven’t carefully considered your options and the included features, there’s a very good chance that you are leaving money on the table in some way. more