Fraudsters are targeting unsecured PABXs in New Zealand and getting away with hundreds of thousands of dollars annually, it is said. Leaving your PABX unsecured is like leaving your PIN numbers or bank account details and access codes pinned to your front door, says the Telecommunications Industry Group (TIG).
Security of your PABX is easily as important as the security of your PC, as it’s relatively easy to defraud you of thousands of dollars if you haven’t made your system secure, says TIG.
TIG says the companies most at risk are small businesses.
An unsecured PABX system can be compromised via an insecure voicemail system (or similar), that allows incoming callers to dial extensions directly. From there, some insecure PABX systems can allow callers to access outside lines. Hackers have targeted these systems around the world, sometimes resulting in a large volume of international calls being charged to the PABX user’s account.
TIG says businesses should check their PABX systems are adequately configured to ensure maximum security.
The group lists five steps to undertake for improved security:
Choose a strong password: Voicemail and DISA passwords should be changed regularly, avoiding factory defaults and obvious combinations such as 1234 or the extension number.
Make sure all security features – passwords, PINS and so on – are changed following installation, upgrade and fault/maintenance. Don’t forget to reset password defaults.
Keep it confidential: Keep all internal information such as directories, call logging reports and audit logs confidential. Destroy them appropriately if no longer
Review security and configuration settings regularly.
Make sure you have the right terms and conditions reflected in your contracts with your PABX, VoIP and/or voicemail maintainer, in order to keep your system regularly maintained and serviced to stay safe.
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.