Keeping Your UCx Service Secure
Protecting the integrity of your phone system is as important as protecting unauthorized access to your computer systems. Toll fraud can cost your business thousands of dollars if you fail to address this issue.
Because your phone system is now a hosted unified communications service, you’ll benefit from the security we’ve built into the network. In addition, we will work with you during the provisioning process to eliminate as many other areas of vulnerability as possible. This can include actions such as restricting after-hours calling or blocking international calling for users not requiring access.
Actions We Take
- We monitor network traffic for abnormal calling patterns or changes in calling habits which can indicate toll fraud. If we note any suspicious activity, we will contact your company immediately to investigate.
- Any time your international calling minutes exceed pre-set thresholds, we will automatically place a block on all international calling to prevent further activity. We’ll contact you immediately to determine whether the calls are legitimate so that the block can be removed, or, if the calls represent fraud, what actions should be taken. If no one is available in your offices when the block is activated (i.e., evenings, weekends, or holidays), the block will remain in effect until we are able to reach a representative of your company.
These practices have proven successful in identifying and controlling fraudulent calling. However, we do not make any claims or assurances relative to our ability to identify or provide you with notice of fraud. We will gladly discuss issues related to security and prevention of toll fraud with you and work with you to establish internal procedures to help protect your phone system’s integrity.
Actions You Can Take
Once your service is set up, there are other actions you can take to prevent unauthorized access to your phone system.
- Change all default passwords for the UCx Admin Web Portal, Voice Portal, and Voice Messaging.
- The web portal password is used to gain access to your phone so that if you are not near your phone you can make changes to call forwarding, voicemail notifications, etc. remotely. This password should be at least 6 characters long. A strong password has a combination of at least three of the following: capital letters, lowercase letters, numbers, or other characters/punctuation marks (i.e. !, @, &, $, etc.)
- Voicemail passwords are used only for checking your voicemail and/or changing your greetings. This password should be at least four digits long. It should not be all the same digit (i.e. 1111), a series of digits (i.e. 1234), or the extension of the phone.
- The voice portal login is used to gain access and make changes to the auto attendant greetings. This login will need to use the same password parameters as the voicemail password.
- Voice portal calling is turned off by default. However, if voice portal calling is enabled for some users in your company, these passwords should be protected as diligently as they are for computer access.
- Make sure your users keep their passwords and codes up-to-date and secure. Encourage them to choose combinations that are easy for them to remember, but hard for anyone else to guess.
- Make sure your phones (SIP-enabled devices) are not assigned public IP addresses.
- Bring Your Own Broadband (BYOB) devices should be secured by having SIP ALG or any other recommended ports disabled, so that each device registers behind your security device and not over the public Internet.
- Administrators should never allow anyone to test your phone lines or access your system. There are a number of fraud schemes that rely on “testing” or “repair” requests which result in your system being used for unauthorized access. If in doubt about a service request, call Customer Care immediately at 877-344-7441.
- Never accept collect calls without being absolutely sure who the caller is, especially if the call originates in a foreign country.
- Be aware of call-forwarding scams where you are asked to dial a two-digit code preceded by a * (such as *72). This kind of procedure can program your phone to forward calls to a long-distance operator, allowing unauthorized callers to place calls that are billed to your company.
- The best and easiest security check you can take is to review your monthly invoices carefully, making sure there are no unfamiliar or unauthorized call charges. Please contact the Customer Care Repair Team at 877-344-7441 to report unauthorized calls from your service, and we will take the necessary steps to block the illegal access.
- We provide a comprehensive Security Scorecard following your turn up. This report, available by request, provides you with important information to secure your UCx services. We recommend that you request your Security Scorecard every month or every other month. The scorecard will help you ensure that your employees are not opening up your company to any vulnerabilities which would allow hackers to access your system.
- You may also log into the Dash customer portal for a security report. This report shows only those users who have vulnerable passwords, and those who have enabled voice portal calling or call forward always. To access the report in Dash, go to the “Broadsoft” link and select the “Security” tab.