- Remove or de-activate all unnecessary system functionality including remote access ports. If you must have the latter, protect them with strong authentication techniques such as smartcards or tokens.
- Restrict the numbers that employees can dial: for example, bar calls to premium rate numbers, international numbers, operator numbers or Directory Enquiries.
- Review your PBX call logging/reporting records regularly to spot any increases in call volumes or calls to suspicious destinations.
- Bar voicemail ports for outgoing access to trunks if you can. Change your voicemail and DISA (Direct Inward System Access) passwords regularly and don’t use the factory defaults or obvious combinations such as 1234 or the extension number.
- If access to trunks via voicemail is vital, then introduce suitable controls. Remove Auto Attendant options for accessing trunks too.
- Lock any surplus mailboxes until you have a user for them.
- Not using DISA? Then disable it completely.
- Restrict access to your core communications equipment, such as your Comms room or master terminals.
- Only give individuals the appropriate and minimum level of system access they need to carry out a specific task.
- Change your security features – passwords, PINs etc. – and reset the default passwords whenever you install, upgrade, repair or maintain equipment.
- Treat all internal directories, call logging reports or audit logs as confidential. Destroy them securely when they’re no longer needed.
- Avoid using tones to prompt for password/PIN entry: hackers find it easy to duplicate them.
- Implement formal processes covering employee entry procedures, the issuing of passcards, the vetting of new employees, and what happens when people change jobs or leave. For the latter, remember to revoke any access they might have had to your systems, mailboxes or buildings.
- Review your system security and configuration settings regularly. Follow up any vulnerabilities or irregularities promptly.
- Be vigilant against bogus callers: people who pose as a company employee and ask to be connected to a switchboard operator to get an outgoing line.
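The call-log review in the list above can be partly automated. As an added example (not code from Class Networks), this Python script scans constructed call-detail records for the dialled-number classes the checklist says to bar, for out-of-hours calls and for per-extension volume spikes; the UK-style prefixes, the CDR format and the thresholds are assumptions to adjust for your own PBX.

```python
"""Scan constructed PBX call-detail records for the warning signs named in
the checklist: barred destinations, out-of-hours use and call-volume spikes."""
from collections import Counter

# Constructed sample CDR lines (not real data): date,time,extension,dialled,seconds
SAMPLE_CDR = """\
2024-03-04,09:15,2041,02079460001,120
2024-03-04,09:20,2041,02079460002,45
2024-03-04,23:10,2077,0090212000001,600
2024-03-04,23:12,2077,0090212000002,610
2024-03-04,23:14,2077,0090212000003,590
2024-03-04,23:16,2077,0900123456,300
2024-03-05,02:01,2077,118118,60
"""

# Assumed UK-style prefixes; change these to match your own numbering plan.
SUSPICIOUS_PREFIXES = {
    "00": "international",
    "09": "premium rate",
    "118": "directory enquiries",
    "100": "operator",
}

def parse_cdr(text):
    """Yield (date, hour, extension, dialled, seconds) for each non-empty line."""
    for line in text.splitlines():
        if not line.strip():
            continue
        date, time, ext, dialled, secs = line.split(",")
        yield date, int(time.split(":")[0]), ext, dialled, int(secs)

def classify(dialled):
    """Return the barred-destination category for a dialled number, or None."""
    for prefix, label in SUSPICIOUS_PREFIXES.items():
        if dialled.startswith(prefix):
            return label
    return None

def scan(text, per_day_limit=3, night_start=22, night_end=6):
    """Return a sorted list of (extension, reason) findings worth a human's look."""
    findings = set()           # a set so repeated identical reasons collapse
    per_day = Counter()        # calls per (extension, date) for spike detection
    for date, hour, ext, dialled, _secs in parse_cdr(text):
        per_day[(ext, date)] += 1
        label = classify(dialled)
        if label:
            findings.add((ext, f"{label} call to {dialled}"))
        if hour >= night_start or hour < night_end:
            findings.add((ext, f"out-of-hours call at {hour:02d}:00 on {date}"))
    for (ext, date), n in per_day.items():
        if n > per_day_limit:
            findings.add((ext, f"{n} calls on {date} exceeds limit of {per_day_limit}"))
    return sorted(findings)

if __name__ == "__main__":
    for ext, reason in scan(SAMPLE_CDR):
        print(f"extension {ext}: {reason}")
```

Feed it your PBX's exported CDR (after mapping the columns) and run it daily; extension 2077 in the sample trips every check while 2041 stays clean.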
Remember, the biggest problem at present seems to be “social engineering”, where fraudsters impersonate the IT department and get end users to change the voicemail password to a number of the fraudster’s choice. This, along with interlinked PABXs and centralised voicemail, makes detection more difficult.
Please contact Class Networks for further information on 0333 800 8811