As a continuation of what we discussed in the previous post about the essential steps to protect your business communication system and ensure cybersecurity, here are the next key measures you should follow:
3. Disable the Web Configuration Page of Your Phones
The phone’s web interface allows you to adjust and update many essential settings to help protect your communication system — including VoIP account details, call logs, network settings, SIP configurations, and other critical features.
Through this web interface, you can also create phone backups, which may expose usernames and passwords used to implement cybersecurity and data protection policies.
However, your phone’s web interface might be the most vulnerable point in your entire communication system — and it’s often the main target for hackers who want to exploit or manipulate your system for fraudulent purposes.
Simply setting a password for the web interface is not enough to ensure security.
Many VoIP phones come with default passwords that owners never change, making it easy for hackers to gain access. Even if you change the password, hackers can still use password-cracking software to break in.
Unfortunately, most phone web interfaces do not automatically lock after multiple failed login attempts, meaning that hackers can try up to 10 passwords per second. Once they succeed, they can modify settings and steal sensitive data from your phone system.
For this reason, cybersecurity experts strongly recommend disabling the web interface of your VoIP phones completely.
You can always re-enable it later if you need to adjust specific settings, but most configurations can be managed directly from the phone itself.
4. Close Port 80 Through Your Firewall
If you are unable to disable the web interface of your phones or PBX system, you should close Port 80 through your firewall.
Port 80 is the main access point used to reach web configuration pages — and it’s also the primary target for hackers. If attackers gain access through this port, they can take full control of your entire communication system.
Mike Oeth, CEO of OnSIP, states:
“The vast majority of VoIP fraud cases are highly preventable. The cases we usually see involve an active web interface or an open Port 80. We recommend closing all unnecessary channels to minimize the risk of VoIP fraud.”
By closing Port 80, you effectively block one of the most common gateways hackers use to compromise business phone systems.
5. Disable International Calling
Many hackers attempt to use VoIP systems to make fraudulent or high-cost international calls.
If your business does not need to make international calls as part of daily operations, it’s best to disable international calling altogether
If you occasionally need to make such calls, you can use a prepaid calling card instead of enabling direct international dialing.
If you must keep international calling enabled, make sure to regularly monitor phone and employee call logs for unusual activity.
.Hacking communications systems costs $1,000 per minute in the United States
You can also disable international calling after business hours, since most hackers and fraudsters operate during off-hours, weekends, and long public holidays.
If limiting the calling hours is not practical, you can instead restrict international calling to specific countries and set up automatic call reports to be sent to your email or mobile device to detect and prevent any unauthorized activity.
If you suspect that your system has been hacked, immediately disable the affected devices, review your Call Detail Records (CDR) to identify how many unauthorized calls were made, and notify your VoIP service provider to secure your system and report the incident.
XonTel is a leader in communication security and cybersecurity solutions. Its advanced products are equipped with powerful protection features, capable of encrypting all communications between XonTel phones. The company continues to develop next-generation firewall systems to provide the highest level of protection for all its users and clients.
To learn more about XonTel’s products and services, click here.
Sources 1