VoIP Security Tips for Business Users

Cloud-hosted VoIP [aka cloud PBX] is the preferable telephone service option for the 21st century.

It’s extremely cost-effective and can be accessed nearly everywhere, from businesses and at-home offices to mobile use on the go. Plus, it requires none of the hardware investments of the traditional on-premise POTS systems of the past.

However, since VoIP relies on Internet infrastructure to send and receive voice communication, it can face some of the same security issues online users have experienced with their computers. So today, in addition to those issues, we will also focus on some of the specific recovery plans for VoIP users.


For starters, a successful disaster recovery plan requires that your VoIP phone system protection is included in the network’s firewall settings.

A VoIP firewall is an application that defines whether to allow or deny certain calls.

To provide superior quality, the firewall must be durable, reliable and add no latency to voice traffic.

A ‘VoIP-aware’ firewall or application-aware firewall protection should be part and parcel of any VoIP managed plan. These firewalls should support common VoIP protocols including H.323 [which provides audio-visual communication], Session Initiation Protocol [SIP] and Network Address Translation [NAT], which assigns a public address to a computer inside a private network.


WPA2 [aka Wi-Fi Protected Access] now provides stronger data protection and network access control than its predecessor, WPA.

For enterprise and consumer Wi-Fi users, WPA2 provides a high level of assurance that only authorized users can access their wireless devices and networks.

There are presently two versions of WPA2 to consider, namely WPA2-Personal and WPA2-Enterprise. WPA2-Personal protects against unauthorized network access by using a set-up password. WPA2-Enterprise verifies network users through a server.


Passwords, as we have all learned over the years, help to prevent security breaches. For companies large and small, it is important to educate one’s staff on best practices pertaining to password usage. It’s also incumbent on business owners to monitor and track unauthorized conversations to eliminate abnormalities or spikes, and in general to view and identify employees who are using the system and ensure their online communications are in accordance with the company’s guidelines.


DDoS [aka Distributed Denial of Service] is an online security threat in which multiple systems, often infected with a Trojan, are used to target a single system. With VoIP, a DDoS is a virtual ‘busy signal’ on an IP phone system. VoIP’s dependence on continuous, reliable packet flow makes availability an issue in the face of these types of attacks.

When it comes to external communications with VoIP, it’s important to weigh the potential cost savings and efficiencies gained by these technologies against risks. The two protocols mentioned above, namely SIP and H.323, will help in this regard.

If you’re already transmitting and receiving sensitive data over the Internet, you’ve most likely gone to considerable lengths to protect that data. These safeguards can be leveraged to help secure VoIP and prevent DDoS attacks.

Ghost Calls

Some users, from time to time, experience calls on their IP phones from unknown extensions, where they hear silence after engaging with the call. Telzio refers to these types of transmissions as Ghost Calls, and provides this guide on how to prevent ghost calls.

While they can be annoying, these transmissions don’t expose any significant risk to your phones or network, as long as you make sure the firmware and firewall on your phone are up to date.

These calls are caused by “port scans” performed by hackers trying to find a vulnerable phone network to gain access. Cybercriminals run large series of automated tests against IP addresses on the Internet to find systems that respond.

Fortunately, there are several ways you can prevent this.

First, you can change the local SIP port on your phone. This will make it harder for the scanners to find their way into your device.

Secondly, if you don’t have a specific reason to have a static IP address, you can ask your Internet provider to assign you a new IP address. This may not be a permanent solution to the problem, but it can definitely stop the calls for a considerable amount of time.

Finally, some IP phones can disable direct calls from specific devices and servers. This means that the phone will reject all calls that are not flowing in from your Telzio server. The setting’s location and name vary from phone to phone, so it’s incumbent on the user to check their manual to see if their phone supports this tactic.
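
The third measure, and the allow-or-deny decision a VoIP firewall makes, sketched as an added example (not Telzio's or any phone vendor's code): accept SIP requests only when they arrive from the provider's signalling network and drop everything else. The network 203.0.113.0/24, the helper names and the sample messages are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Assumption: the provider's SIP signalling range. 203.0.113.0/24 is a
# documentation-only placeholder; substitute the list your provider publishes.
TRUSTED_SIP_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]

def parse_sip_request(raw):
    """Split a raw SIP request into (method, request_uri, headers)."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("SIP/"):
        raise ValueError("not a SIP request line")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return parts[0], parts[1], headers

def decide(source_ip, raw):
    """Return (action, reason) for one message received on the SIP port."""
    try:
        method, _uri, headers = parse_sip_request(raw)
    except ValueError:
        return "drop", "malformed"
    addr = ipaddress.ip_address(source_ip)
    if any(addr in net for net in TRUSTED_SIP_NETWORKS):
        return "accept", "trusted server"
    # Unsolicited: drop silently so a scan gets no reply confirming a phone.
    return "drop", f"untrusted {method} from {headers.get('from', 'unknown')}"

def summarize(packets):
    """Count accept/drop decisions over (source_ip, raw_message) pairs."""
    return Counter(decide(ip, raw)[0] for ip, raw in packets)

def make_invite(from_header):
    return ("INVITE sip:100@192.0.2.10 SIP/2.0\r\n"
            "Via: SIP/2.0/UDP 198.51.100.7:5060\r\n"
            f"From: {from_header}\r\n"
            "To: <sip:100@192.0.2.10>\r\n"
            "Call-ID: constructed-1\r\nCSeq: 1 INVITE\r\n\r\n")

# Constructed sample traffic: provider call, scanner-style call, stray HTTP.
SAMPLE = [
    ("203.0.113.5", make_invite('"Alice" <sip:alice@example.com>')),
    ("198.51.100.7", make_invite('"1001" <sip:1001@198.51.100.7>')),
    ("198.51.100.7", "GET / HTTP/1.1\r\n\r\n"),
]
```

Logging the drop reasons over time also shows how often the phone's address is being probed, which helps judge whether changing the SIP port or IP address had any effect.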

So, is VoIP service secure?

At the end of the day, it is a lot easier to eavesdrop on a conversation transpiring in a cubicle next to you than it is to tap a VoIP phone call. The VoIP odds are in your favor over a traditional telephony service by simply piggybacking your voice transmission onto a more secure data network. But as with everything we do on the Internet, we all have to be vigilant in balancing sufficient security against risks and benefits. However, by addressing the pros and cons, and with proper planning and some of the right tools this blog post presented today, your organization can take advantage of the benefits of IP telephony without the worry of security threats.

Ron is part of the marketing team at Telzio, covering everything from tips and tech for growing businesses to customer success stories for the Telzio blog.