The Top Security Questions to Ask Your VoIP Provider
When businesses look for a new cloud phone system they typically consider a range of factors, including call quality, integration with business applications and scalability. Yet an essential factor to consider when selecting a cloud-based phone system is security.
Security vulnerabilities with cloud phone systems can happen inside and outside an organization in the form of phone hacking, toll fraud, phishing scams and more.
The following are some important questions you should ask a cloud phone system provider before you decide to purchase:
1. Does the service provider comply with federal guidelines?
All reputable service providers are required to comply with security guidelines laid out for specific verticals. So be sure to check credentials and compliance with these standards. Data protection measures should include firewalls, intrusion detection, and prevention systems to help protect against Distributed Denial of Service (DDoS) attacks. All of these should be monitored constantly.
ShoreTel phone systems include Session Border Controllers, or SBCs. These enforce security, quality of service and admission control mechanisms over VoIP sessions. SBCs also provide firewall services to protect against outside attacks.
2. What protection does the vendor offer against phishing scams, fraudulent interactions and toll fraud?
Cloud phone systems should be capable of encrypting traffic with reset default pins. In addition, many IP phone platforms can be configured to restrict international and directory assistance calls.
ShoreTel runs quarterly internal vulnerability scans against systems containing confidential data. Our Security Incident Response Team is on call around the clock to respond immediately to suspected breaches, and to mitigate risks if an event occurs.
3. What is an API and what can be done about insecure APIs?
API stands for “application program interface.” It’s a piece of software that makes it possible for application programs to interact with each other and share data. Strongly built interfaces and consistent monitoring make integration of third-party apps safer. A phone system with built-in resources for integrating business applications will reduce the reliance on third-party providers, and thus be more secure.
4. What steps is the vendor taking to minimize downtime?
Severe weather and an unexpected influx of customers or DDoS attacks can all cause downtime. Service providers should consistently monitor their systems so that the cause of any shutdown can be identified quickly. In addition, system redundancy is vital.
ShoreTel’s VoIP network is designed so that core and distribution routers are redundant, allowing no single point of failure. We’re constantly updating our networks with the most advanced routers and switchers available for maximum availability and reliability. For a more in-depth and technical look at our architecture, read the ShoreTel white paper Staying Secure in the Cloud.
5. How does the vendor protect against malicious insiders?
While businesses should have an internal system of checks and balances to prevent unauthorized users from accessing data, it’s essential that vendors have their own rules in place, too. ShoreTel has a zero-tolerance policy for putting customers at risk, which includes strict guidelines for employee and vendor behavior, alongside comprehensive checks and balances inside our engineering and development teams.
6. Will I feel safe and in control with a cloud business system?
The adoption of a cloud business phone system means that some daily management activities will no longer be on your shoulders. You can safeguard your system by choosing a service provider that puts a high priority on security and implements a full range of protections. Cloud phone systems offer a number of benefits, including lower overhead, increased efficiency and better system availability. But the security of your data should never be a tradeoff.
Regardless of the vendor you choose, you can take additional measures to ensure your phone system is resistant to data breaches. To learn more, read The Top Security Questions you Should ask a Cloud Communications Provider.