Regular patching

Timely and consistent patching of applications, operating systems and device firmware is critical to managing external threats to a business’ IT infrastructure. Patches are updates released by software vendors which rectify flaws which may have been found after product release. Unpatched systems may give attackers a way to break in to your systems and access data without authorisation. 

Businesses should develop a routine of periodically searching for and applying regular patches to VoIP system components and all other devices in the VoIP setup to ensure that systems are as up to date as possible. Check for

• Operating systems

• VoIP endpoints (softphones, adapters, VoIP enabled handsets)

• Any network infrastructure in the VoIP system (routers, switches, gateways etc.)

• Security applications (eg. anti-virus software)

Ensuring power availability

An uninterruptible power supply (UPS) will ensure that during an internal power outage the VoIP system can still be available for as long as the UPS can provide sufficient battery power. UPS must be available for all VoIP related power requiring infrastructure for effective backup power (handsets, workstations, servers, routers, switches and other gateway devices). For fallback service, organisations can either resort to mobile telephone capabilities, or maintain at least one traditional telephony line running on site.

Contingency planning / backup systems

Backup planning for VoIP systems is essential in an organisation where call functionality is considered critical. To ensure the availability of telephony services, organisations can opt for backup PSTN phones, utilise QoS capabilities or run secondary backup Internet links.

Restricting physical accessibility

The ability to control physical access to VoIP infrastructure is an important consideration for SMEs implementing VoIP. As with any IT system, physical access to core servers would allow a malicious person to cause significant outages to the related service. For a VoIP solution, adequate physical protection is necessary for all VoIP related components. 

Monitoring VoIP usage

Monitoring access and usage is another useful way to ensure the system is used for authorised business purposes only. While monitoring of call patterns is generally easier to undertake with a VoIP system when compared to traditional telephones, the importance of effectively managing the monitoring system and ensuring the integrity of data analysis is increased.

Staff awareness

Ensure staff are trained in the usage of the VoIP solution. This training should include specific reference to safe use of the technology.

Utilising strong passwords

Utilise strong passwords for any password fields (e.g. for logging into your softphone account or administration consoles on other solutions).