Cisco Blogs

Voice security is just as important as data security for small businesses

November 2, 2010 - 1 Comment

Learn the four most common threats that put your IP phone system at risk

There’s a big story about phone hacking that has kept newspapers in the U.K. and U.S. busy over the past month. Some former reporters of a popular tabloid newspaper in the U.K. have claimed that hacking into the phones of celebrities and members of the Royal Family was rife at the paper. The publication of conversations and messages between celebrities may be fun to read, but the unauthorized interception of communications inside businesses is no laughing matter.

The security of your small business phone system is just as important as the security of your network. Consider if someone hacked into your phone system and compromised your company voicemail. What could they learn? You need to be as diligent about voice security as you are with data security, particularly if you use IP telephony.

IP telephony uses Voice over IP (VoIP) technology to send voice traffic over data networks. Although VoIP offers plenty of benefits for small businesses, it also presents some security risks, some of which are the same as with traditional PBX phone systems.

Here are four of the most common security threats:

Toll fraud: This can occur with both traditional PBX and IP-based voice systems. Toll fraud happens when internal or external users use business phones to make unauthorized toll calls.

Denial of Service: As with your servers, your IP phones could also be the target of Denial of Service (DoS) attacks. This occurs when hackers flood IP phones or call-processing servers with nuisance traffic in an effort to bring down the service. This is a popular tactic used by hackers to create a distraction for the purpose of executing other attacks on your network.

Impersonation: You probably rely on your phone’s caller ID display to know who’s calling you. But can you always be certain of the caller’s identity? Hackers can steal a legitimate user’s identity to make phone calls. Granted, you’d know if your colleague’s voice didn’t sound the same. Consider the consequences, though, if the caller ID displayed a client’s or partner’s company name and the person at the other end was asking for sensitive company information.

Eavesdropping: In these attacks, a hacker spoofs the IP address of a router or a PC to listen in on voice traffic. The hacker could also see data being entered on the phone keypad. As a small business owner, how many times have you entered your company’s bank account number or Tax ID number using your phone’s keypad?

Voice security should play an important role in your overall business security plan. Next time I’ll discuss some things you can do to protect your small business IP phone system.

What tips do you have for securing your company’s voice data?

In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.


  1. Dawn,

    Excellent article.

    Telephony Denial of Service and Enterprise PBX Hacking for Toll Fraud are very hot topics.

    SecureLogix is a Cisco partner. Please keep me posted on future Voice Security discussions.


    John O’Donnel
    Director of Channel Operations