The rise of digital IP solutions including Voice over Internet Protocol (VoIP) and Session Initiation Protocol (SIP), has brought its own set of problems, including an increase in digital telecoms fraud.
Before businesses moved from an analogue phone network to a digital one, employees couldn’t access anything relating to their phones from the corporate computer network. But with an internet solution, this is made much easier. The best solution is to have physically separate phone and data networks. Where this isn’t possible, use a virtual LAN (VLAN) to separate traffic.
No data should be able to traverse between the two networks without passing through a network security device. Many providers recommend the use of a session border controller (SBC) to protect the network, such as Cataleya’s Orchid One, deployed here at SmartIPX.
Whether it is done via landlines or digital IP – setting up call bars on premium numbers and, unless required for normal business, international numbers – can limit the impact both financially and to your business reputation, if your systems are compromised.
What some organisations might be unaware of is that in the event of a security breach, the telecom provider is not responsible and will not pay out. Check the small print: the telephone network provider has no liability in such cases; it is all down to the SME. This is because Ofcom has adjudicated that network operators are only responsible for supplying the network but not how it is used.
Ofcom has also said, however, that providers should not profit from fraud. If you are a victim and have to make a payment to your telecoms provider it should only be for the cost of the calls incurred by the supplier, not their normal resale price.
There are some simple guidelines SME can follow to help cut down on their chances of being a victim of telecoms fraud.
Here are our top tips.
- Be cautious when speaking over the phone to representatives claiming to be calling from your telecoms provider or calling in relation to your phone systems. If you’re unsure, end the call.
- Bar calls from unknown numbers and do not call back to telephone numbers you haven’t seen before.
- Always leave time between ending a call and calling a number back as fraudsters try to leave the line open for a few minutes to allow hackers to try to access your telephone system
- Make sure your employees are fully briefed on the potential risks from fraudulent telephone calls and what steps to take to mitigate them
- Be vigilant for evidence of hacking – inability to get an outbound line is usually a good indicator of high volumes of traffic through your system. Check for calls outside business hours.
- Regularly review call usage – analyse billed calls by originating extension and identify irregular usage.
Check out our Quarterly Fraud Reports for more information about fighting, not facilitating, fraud.
SmartIPX Fraud Reports
We produce and share quarterly fraud reports free to download and distribute for the telecommunications industry.View our most recent fraud reports here