5 cybersecurity best practices for VoIP and unified communications

Apr 11, 2022

Is your VoIP phone system or UC platform as secure as you think? Keep your data safe and your systems secure with our 5 best-practice security tips.

Is your VoIP phone system or UC platform as secure as you think? Keep your data safe and your systems secure with our 5 best-practice security tips.

So you're here for cybersecurity tips. Great! We'll get to those in just a minute.


First, let's deal with that elephant that's just walked into the room. Yes, we specialise in VoIP phones and unified communications (UC) technology. We have done for more than 10 years now. So… if that's our wheelhouse, why are we talking about potential security issues?


The answer's simple: because we take cybersecurity seriously.


We've chosen our three VoIP/UC platforms because experience has shown they're among the most flexible, feature rich and – yes – secure systems on the market.


But one of the key tenets of cybersecurity is to never assume you're invulnerable. Cybercriminals are a wily bunch, and they're constantly looking for new ways to exploit the systems we rely on. Assuming a platform is completely secure means letting your guard down – and that's when scammers are most likely to score a direct hit.


The fact is, even the biggest platforms are vulnerable to misuse. Take the spate of so-called "Zoombombing" incidents in 2020, for instance.


Zoombombing: an unfortunate case study


Zoombombing refers to when unwanted participants enter a video call – usually on the popular video conferencing app Zoom. Once in, these interlopers show lewd, suggestive or hateful material, intending to disrupt the session in question.


You might be thinking, "don't these people have anything better to do?". To which we say: good point… but don't underestimate the all-pervading power of stupidity.


You might also wonder, "how could this be allowed to happen?". Well, the answer to that question's a little more complicated.


One of the reasons Zoombombing took off is because it was so easy to accomplish. All the tricksters had to do was search for a publicly available Zoom link – perhaps a classroom session that a well-meaning teacher had posted on Twitter.


Other platforms allow for public link sharing, of course. But Zoom dropped the ball by making these links the only pieces of information required to enter a meeting. Because there were no other safeguards in place, the floodgates were left open for these gormless gatecrashers.


To Zoom's credit, it has since responded with more than 100 security updates, including implementing end-to-end encryption for all users, and – crucially – turning on meeting passwords by default.


But the damage had already been done. In the wake of these incidents, many companies and institutions banned the use of Zoom. And, in one notable example, an Italian TV channel was made to broadcast some very questionable material as it hosted a Zoom conference, live on air.


It seems most of these attacks were simply tired attempts at "trolling". Thankfully, we haven't heard of any data breaches that occurred as a direct result of a Zoombombing incident.


But if there's one thing we can all learn, it's this: next time a breach like this happens, it might not be so… ahem… "innocent".


Five steps you can take to protect your business and your data


As we've seen, no platform is invulnerable to attacks. Here are five simple ways to protect yourself as you communicate and collaborate in the cloud:


1. DO use strong passwords


Sure, this is like "security 101". But it's the simple stuff that's most easily forgotten, so it's important that we cover it here.


You know the drill. Use strong passwords that incorporate numbers and special characters. Don't use personal or public information as part of those passwords. And change them regularly – every two weeks or so.


Now wrap that up in a password policy and make sure your staff stick to it, whether they're working from home or the office.


2. DON'T use public WiFi


As we've said before, public WiFi is like the wireless Wild West. Users should, at the very least, be accessing services via their secure home WiFi system – preferably with a company-approved VPN (virtual private network) on top.


3. DO keep mobile devices secure


As flexible working becomes ever more normalised, IT managers have to manage an increasing fleet of unsanctioned, employee-provided mobile devices. If staff are using VoIP or UC apps on these devices, then enabling end-to-end encryption is essential. You might also want to limit their use to secure WiFi networks.


4. DON'T let security standards slip


Remember: a security policy is a work in progress – you should never consider it a complete document.


Treat your VoIP/UC system as you would your business's internal network or any other piece of critical infrastructure. This means keeping software and firmware up to date and conducting regular security audits to make sure you're keeping pace with the latest developments. You might also want to consider conducting cyberattack simulations, so you can root out any vulnerabilities before they're discovered by unscrupulous types.


Education is just as important. Keep staff up to date with any changes in your security policy, and run regular training sessions to ensure that standards are adhered to.


5. DO consider adopting a "closed-loop" system


One of the biggest boons of UC platforms is that they combine several services into single, easy-to-use communications dashboards. You no longer have to use different programs for video calls, instant messaging, phone conversations and the like. So as long as you trust the UC provider, you can – in theory – trust the UC platform itself.


But you should ask yourself: "is my UC platform as 'unified' as it seems?"


Perhaps there's a custom API integration your IT team knocked together. Is that as secure as you want it to be? And what about handsets… could they be a weak link in your otherwise-secure network chain?


If this is a concern, you might want to consider a system like Wildix. As well as providing exceptional security features out of the box, Wildix only works with own-brand handsets. This means that if there's a failure in the chain, the responsibility lies with Wildix alone to get things fixed.


Useful links


Learn more about our three VoIP/UC systems: Wildix, Microsoft Teams and Cisco Webex.


Want to discuss cybersecurity? It's a very important topic, so we're always happy to help out. Please don't hesitate to get in touch [link: https://www.yoozoom.co.uk/contact] or check out our security-focused IT support packages.


(And while we're at it, why not sign up for our Knowledge Hub? You'll get useful tech tips like this delivered directly to your inbox!)

by Matthew Dickinson 21 Oct, 2024
We’re excited to announce that Yoozoom has officially joined the Windsor Telecom family as part of their mission to grow and expand across the UK. As a Leeds-based leader in unified communications, IT services, and networking solutions, Yoozoom has a proud legacy of helping businesses thrive. What does this mean for Yoozoom customers? Yoozoom will continue to provide the same high-quality services you know and trust. Windsor Telecom is committed to investing in our team and services, ensuring that we’re able to offer even more to our customers as part of a larger national network. A message from Windsor Telecom: "We’re thrilled to welcome the Yoozoom team and customers into the Windsor Telecom family,” said Pete Tomlinson, CEO of Windsor Telecom. “Their expertise will be invaluable as we grow our national presence, helping even more businesses use technology to deliver outstanding customer and employee experiences.” As part of Windsor Telecom’s UK-wide growth plan, Yoozoom is excited to embark on this next chapter and continue to deliver innovative solutions that make a difference. Stay tuned for more updates as we continue to evolve as part of the Windsor Telecom Group!
Small business owner? Need a new phone system? This is the guide for you.
by Simon Edward 26 Sept, 2022
Small business owner? Need a new phone system? This is the guide for you. Learn how to find a VoIP phone system that helps you smash your goals.
By 2025, all UK phone systems will be cloud-based.
by Simon Edward 19 Sept, 2022
By 2025, all UK phone systems will be cloud-based. If you're reluctant to switch sooner rather than later, read on for six advantages of a VoIP system.
Ten years ago, Skype was everywhere. Now… not so much. But what happened, exactly?
by Simon Edward 12 Sept, 2022
Ten years ago, Skype was everywhere. Now… not so much. But what happened, exactly? Read on to discover the truth behind Skype's rise and fall.
94% of all enterprises use cloud services – but do 94% know enough about cloud security?
by Simon Edward 05 Sept, 2022
94% of all enterprises use cloud services – but do 94% know enough about cloud security? Read on to find out more about staying safe in the cloud.
Do you even NEED two mobile phones for work?
by Simon Edward 22 Aug, 2022
Is it time to ditch the company mobile? We weigh up the pros and cons – and explore a third option that could save you cash and hassle.
Want to outsource IT support? Scratching your head over the options?
by Simon Edward 15 Aug, 2022
Want to outsource IT support? Scratching your head over the options? Choose the right IT company, first time, with our 5-step guide.
What is the true cost of an IT failure?
by Brian Rosten 08 Aug, 2022
IT failures cost more than you might think. Learn three ways to calculate the true cost of a failure and safeguard your business from tech disasters.
Time's running out – are you ready for BT's
by Simon Edward 02 Aug, 2022
In 2025, BT will switch off its ISDN and PSTN phone lines for good. Is your business ready for the change? Learn what's happening and what to do.
Learn 4 big reasons why phishing attacks work, as well as some useful tips to help you safeguard you
by Simon Edward 25 Jul, 2022
Phishing is on the rise. Learn 4 big reasons why phishing attacks work, as well as some useful tips to help you safeguard your business.
More posts
Share by: