FBI Issues Warning About VoIP Security

In times of crisis, we get to see the best and worst of people. Soon after the COVID-19 pandemic of March 2020 resulted in millions of job losses across the United States, many landlords opted to give tenants a break on monthly rent payments, and food bank managers reported being well stocked. On the other hand, the Federal Bureau of Investigation reported that cybercrime groups have become more active as they seek to take advantage of people working from home.

Network exploits, malware, denial of service attacks, and data breaches have registered an uptick since early March. During the month, the Internet Crime Complaint Center of the FBI received more than a thousand reports of cybercrime incidents specifically targeting individuals working or studying from home; many of these cases were related to the use of video conferencing or VoIP technologies. Eavesdropping on video conferencing and hijacking sessions were two of the examples cited by the FBI, but phishing and malware injections were also mentioned.

Security Vulnerabilities in Web Conferencing

Information security researchers have identified vulnerabilities in two mobile video conferencing apps that became very popular shortly after social distancing and stay-at-home orders were issued by public health officials. One report explained how a malware injection targeting a specific app could result in Windows password credentials being secretly sent to remote servers. The most common injection method appears to be a malicious URL pasted within email messages for coupons and special offers.

Companies using hosted VoIP portals will always be more secure than popular video conferencing and messaging apps; however, the FBI has stressed the importance of implementing strong password security measures. When your VoIP and Unified Communications platform is hosted through Sonic Systems, you have the benefit of secure servers provided at the host point, but client security and safeguarding of credentials are up to you. This is a time when you should change your remote access, VoIP, and UC passwords; furthermore, you should also evaluate the use of password managers and two-factor authentication (2FA) methods.

The clients that your staff members are using to work from home should also be considered in terms of company security. If they are using company-issued devices, it stands to reason that they are protected in terms of secure port configuration and antivirus software, but what about the personal smartphones, tablets, and laptops that your employees have put to work? Many companies have rushed to implement “bring your own device” policies during the pandemic, but this could bring about security risks if the client hardware is not secure.

For questions about VoIP and UC security, contact Sonic Systems today; we can audit your system and provide answers about 2FA, BYOB, and other issues related to keeping your business network safe.

The Right Business Strategy for Unified Communications
VoIP and Unified Communications During the COVID-19 Pandemic