How to prevent phone hacking
This blog is not written for aspiring phone hackers. It is here to help businesses and organisations understand how phone hacking occurs and what steps they can take to avoid becoming the victim of phone hackers. The bad news is that every organisation or business is open to dial through fraud, and phone hacking in the UK is on the increase as a way for criminals to make significant sums of money.
Who is open to phone hacking?
Any business can be open to dial through fraud but organisations that are closed for prolonged periods of time are more vulnerable. All businesses are susceptible over the festive period when many businesses close from Christmas Eve to after New Year. Schools, colleges and educational establishments that are closed for significantly long periods of time over holiday periods are also a prime target for phone hackers. That said, all businesses are at risk at night and over the weekend when the office is unoccupied and phone hackers can operate undetected.
How does phone hacking work?
Dial through fraud occurs when a hacker is able to take control of your phone system and make fraudulent calls to premium numbers, often in distant countries.
Hackers use sophisticated ‘war dialling’ software to target systems, extensions and voice mailboxes where there is little or no password protection. Once a system has been hacked it is very simple for the hackers to dial an international premium rate number (IPRN) that they own, often in countries such as Bosnia, Cuba, Estonia, Ethiopia, Latvia or Pakistan, which generates as much as £10 a minute from calls. The cross-border cyber-criminal nature of PBX fraud makes it extremely difficult to track down the fraudsters and a system breach can often cost a business as much as £10,000 overnight.
How to protect your phone system from hackers
With businesses being liable for the cost of any fraudulent calls, STL recommends a number of preventative measures to stop your business being an easy target:
1. Obvious though it might seem, change the PBX factory default password.
2. Use stronger passwords across the company. Passwords should be at least 8 characters long and contain both upper and lower case letters, numbers and special symbols to make them harder to guess or crack.
3. Change passwords from time to time, especially when employees leave the organisation.
4. Make sure that your employees use ‘strong’ passwords on their voicemail.
5. Block outbound calling to certain locations, i.e. those that you do not regularly call.
6. Restrict after hours outbound calling.
7. Delete unused extensions and voicemails.
8. Limit call forwarding to known or internal numbers only.
9. Regularly review your call history and monitor call usage of individual users.
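The call history review in the last measure can be automated. The following is an added example, not STL's code: it flags international calls that go to destinations outside an allow-list or are placed outside office hours, and totals them per extension. The CSV layout, the allow-list, the office hours and the sample records are all assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample call records; the column layout is an assumption,
# real PBX call-history exports differ by vendor.
SAMPLE_CDR = """start,extension,dialled,duration_s
2023-12-22 10:15:00,201,00331700000000,240
2023-12-25 02:10:00,214,00530000000001,1800
2023-12-25 02:41:00,214,00530000000001,1800
2023-12-25 03:15:00,214,003710000000002,2400
2023-12-27 14:00:00,305,01610000000,300
2023-12-30 23:05:00,305,00331700000000,120
"""

ALLOWED_PREFIXES = ("0033",)   # assumed: destinations this business regularly calls
OPEN_HOUR, CLOSE_HOUR = 8, 18  # assumed office hours, Monday to Friday


def after_hours(ts):
    """True at weekends and outside OPEN_HOUR..CLOSE_HOUR on weekdays."""
    return ts.weekday() >= 5 or not (OPEN_HOUR <= ts.hour < CLOSE_HOUR)


def review_cdr(text):
    """Return {extension: {"calls", "minutes", "reasons"}} for suspicious calls."""
    report = defaultdict(lambda: {"calls": 0, "minutes": 0.0, "reasons": set()})
    for row in csv.DictReader(io.StringIO(text)):
        dialled = row["dialled"]
        if not dialled.startswith("00"):  # 00 = UK international prefix; skip domestic
            continue
        ts = datetime.strptime(row["start"], "%Y-%m-%d %H:%M:%S")
        reasons = []
        if not dialled.startswith(ALLOWED_PREFIXES):
            reasons.append("destination not on allow-list")
        if after_hours(ts):
            reasons.append("after hours")
        if reasons:
            entry = report[row["extension"]]
            entry["calls"] += 1
            entry["minutes"] += int(row["duration_s"]) / 60
            entry["reasons"].update(reasons)
    return dict(report)


if __name__ == "__main__":
    for ext, e in sorted(review_cdr(SAMPLE_CDR).items()):
        print(f"ext {ext}: {e['calls']} calls, {e['minutes']:.0f} min, {sorted(e['reasons'])}")
```

An extension that appears here with many minutes during a closure period is the one to check first for a weak voicemail or extension password.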
Limiting your liability
These measures are designed to prevent dial through call fraud but it is up to the business to implement them. Users of STL SafetyNet have added peace of mind. STL SafetyNet can significantly limit the value of fraudulent calls if your business is hacked – this is often a far lower figure than hacked companies are usually liable for. As all business owners know, a surprise bill of thousands of pounds can seriously damage any business.