Worried about VoIP security?


Office architecture has been changing for three years. Meetings have become Zoom calls, a quick phone call an email, and an email an instant message. As the office landline becomes replaced with internet-based alternatives like Voice over Internet Protocol (VoIP), some businesses are questioning — is it secure? To help stave off concerns of cyber-attacks, Ross Slogrove, UK country manager at VoIP phone system provider Ringover, analyses the security credentials of VoIP.

In 2022, statistics from cyber security company Surfshark showed that there were 4,783 victims of cybercrime for every one million users in Britain. That translates to a 40 per cent growth that year — compared to an eight per cent global average.

Cyber security is becoming more important for businesses to prevent data breaches, loss of revenue and depletion of customer trust. But how can businesses become more secure?

The rise in cyber-attacks

Nobody could have predicted just how quickly our work set-ups changed in 2020. At the time, many businesses scrambled to create remote working set-ups that, originally, were meant to serve as a short-term stop gap. Fast forward three years and there are now more permanent, hybrid set-ups that haven’t really grown in sophistication.

Consequentially, cybercriminals recognised the vulnerabilities brought by unfamiliar working conditions. A UK Government report revealed that, in 2020, almost half of UK businesses experienced a cyber-attack. That figure reduced to 39 per cent in 2021 and maintained at the same level in 2022. Elsewhere, a Software Advice report found that 62 per cent of UK-based SMEs experienced an increase in cyber threats since 2020.

Working from less-secure home internet connections, and in many cases from personal devices that haven’t been thoroughly vetted by the IT team, takes much of the blame. In addition, the explosion of online tools and services to aid employee collaboration and productivity means business data is scattered across third-party vendors without much policing. If these tools have a bare-minimum security setting or carry out updates to security preferences that go overlooked, it could spell disaster.

Knowledge is power

It’s critical that everyone in the organisation is aware of cyber risks so they know how to prevent them. So what sort of methods are used by cyber criminals to access crucial data?

As well as hacking of personal information like passwords and emails, a common cyber offence is phishing. This is where criminals ask for security information and personal details under the pretence of a trusted organisation. It’s reported that one in every 3,722 emails in the UK is a phishing attempt.

Other methods cyber criminals may use include ransomware, a newer form of attack that became popular in 2021. As the name suggests, ransomware is used to block access to a computer system until a sum of money is paid. This is done by encrypting files so they cannot be used or in some cases even threatening to publish private data.

According to research from Nord Security’s file encryption software business NordLocker, UK businesses suffered the third highest rate of ransomware attacks in the world between January 2020 and July 2022, behind the US and Canada.

However, cybercrime can span further than targeting users of devices like tablets and computers, and instead access phone calls. Vishing, or voice phishing, is the voice call equivalent of online phishing, which again is used to access sensitive information by deceiving the person on the other end of the line to share security details.

Is VoIP more secure?

VoIP technology is helping businesses move away from traditional, landline forms of telephony. Its use has increased alongside the rise of remote working as VoIP has lower operating costs, is easily scalable and is completely portable. But, while VoIP offers a supreme level of network agility, it’s understandable that a business worrying about cyber-security may question its credentials. If calls are hosted over the internet, are they really secure?

Thankfully, there’s no need to panic. Compared to physical landlines, VoIP can be more secure because it uses Session Initiation Protocol (SIP), which allows voice traffic to be compressed into media streams that are sent over an internet connection, rather than through traditional phone lines. Additionally, VoIP systems require login credentials that enable the user to connect through the phone. Multi-factor authentication is a reliable way to improve security by making it difficult for unauthorised users to gain access to the network.

All VoIP systems require a stable internet connection to function properly. If security issues were to arise, a poor connection would likely be the cause. In a worst-case scenario, businesses could be made vulnerable to cyber threats through a Voice over Misconfigured Internet Telephones (VoMIT) tool, where cybercriminals steal voice snippets and confidential information directly from calls. To overcome this, VoIP providers like Ringover use end-to-end call encryption to protect content, rendering it unreadable if it is hacked.

While on the surface, VoIP may seem like it adds more opportunities for cyber criminals to attack, it’s actually more secure than using a traditional telephone if you’re investing in a quality service.

As technology continues to advance around us, so too do the cyber threats we come up against. Businesses cannot bury their heads in the sand, and awareness of both long-used and newer forms of attack is vital to preventing breaches. VoIP is quickly becoming a vital tool in any flexible business’s arsenal and it’s important businesses are aware of its security credentials and are making sure the phone system they choose helps keep their data safe.