By Nick Claxson, CEO, Comtec

Moving to an IP phone network will improve communication for business and create new cyber security risks

The world of telephony is approaching its biggest switch for at least three decades.

By 2025, BT has said that it will close its traditional phone network – run on Integrated Services Digital Network (ISDN) and public switched telephone network (PSTN) circuits. It will move its network to sending voice calls and data phone calls over the Internet. The new system will use Internet Protocol (IP) and Session Initiation Protocol (SIP) technology.

Currently, many businesses use a phone line, an internet connection, and a phone system.

With SIP trunking you just need an internet connection and a phone system but not a phone line. Calls are translated into data “packets” and sent over your data network. Businesses can continue using their current phone system and handsets.

In many ways, the switch to IP is good for business because an IP phone network will be much faster than an ISDN one, more flexible (an employee can make phone, conference calls or send messages from one phone number, from any location, using any mobile or fixed-line device), and cheaper. It will have a greater data capacity.

However, some of these benefits could also be its biggest weakness.

Experts warn that IP’s flexibility and openness make it more vulnerable to being hacked than ISDN, which is more of a closed network.

When we send an email message to a colleague or talk to a friend in another country using an Internet-based service such as Skype, the data is sent in a “packet”. And that packet could be a target for a hacker, who may want to sell the information on the “dark web”, or just embarrass a business.

Hackers can listen to everything you say on a phone by hacking into the software and “firmware” IP phones run on, according to one security expert.

Another security risk is “toll” fraud − when a hacker breaks into a company’s telephony systems and uses it to call premium rate numbers, leaving the business with a huge phone bill.

Companies using IP phone networks could also be fined if their customers’ personal data is hacked into or leaked.

For example, Europe’s General Data Protection Regulation (GDPR), which came into effect on 28 May, applies to all UK companies with customers in the European Union, regardless of what happens after Brexit. It applies to data in phone calls as well as written data.

Companies can be fined up to four per cent of their global annual turnover or up to 20 million euros, whichever is greater, if they are found to be non-compliant.

Strong encryption (we use the “advanced encryption standard (AES) 256 algorithm”, as approved by the US National Security Agency) is vital. It lets businesses hide their phone networks from hackers, or deter hackers from targeting them, even if they do find the network.

Conclusion

Switching to an IP phone service underscores the need for strong cyber security to protect against risks including ransomware, phishing and malware, as well as traditional business threats such as fire, flood and theft.

Making phone calls over the Internet is quicker, simpler and cheaper than doing so over ISDN. The technology’s biggest disadvantage for businesses, is that it’s more vulnerable to being hacked. Companies can protect their new networks by using strong encryption and educating employees about cyber security threats. That will provide the security of the old phone network without any of its chunkiness.

Learn more about how Comtec can help you protect your business here