IP Phone systems have delivered great features and greater productivity for business large and small. If your business is using an IP phone system, however, you need to keep a few items in mind.

Do you realize your system may use the Internet to connect with the outside world? If this is applies to your system then you need to protect your phones in the same manner you protect your computers and email servers.

The Problem

Recently, we have had reports from a few clients regarding attacks on their IP-based systems. The attackers usually search public IP addresses and gain access to your phone server. Or, the attack is directed at remote handsets. Remote handsets are usually ones based in home offices. Like many folks you may think you’re more ‘safe at home’. But cyber attackers don’t play favorites. We have also received reports of recent toll fraud incidents. The client’s phone service is hijacked via the phone system. Once the attacker gets into the phone system, he will then use the phone service to dial calls. Unfortunately, you may not realize the problem until you see a spike in your phone bill the next month.

What You Should Do

Make sure your phone system provider has followed the recommended security procedures during the installation process. Let’s put it another way, your vendor better have a security process in place. If you’re not sure how secure your system is then follow these guidelines and contact your vendor to confirm your system’s security.

* turn on all available security settings from the phone server * make sure the phone system admin pages are not available on your public network

* Use strong passwords for server and phone administration pages. DO NOT use simple passwords such as “1234”

* turn off or block all unused ports on the system

* all remote phones should sit behind a firewall or connect to your office on a secure VPN connection.

* in the event an employee leaves, be sure to have phone equipment returned and passwords changed immediately


If you believe your system has been compromised notify your PBX vendor and IT staff immediately. Your system may need to be reset and re-programmed for better security. You should also contact your phone company and report any fraudulant calls found on your bill.

As always, please contact RAM if you have any questions or if you need further assistance.

Leave a Comment