It seems not a day goes by without a story about a security breach or some new malware threat targeting your customers. While we’d like to tell you that these stories are overblown, the threats are real and—regardless of what solutions you sell and support—security needs to be a part of your offering.
This wasn’t always the case, particularly when it came to communications. Voice was limited to circuit-switched, traditional PBXs that were virtually impossible to hack; moreover, doing so typically provided no significant gain so motivation was low. Even instant messaging wasn’t really vulnerable, as the software was typically installed on closed systems available only to people within the network.
Today, things are very different. As communications technology has shifted to reside on IP networks, exposure has increased. Phones, cameras and other UCC endpoint solutions can have their own IP addresses, putting them in jeopardy. Data is most susceptible when it’s in transit, and UCC data is essentially always in transit. This additional exposure equals additional risk.
And protecting communications data is just one aspect of securing UCC solutions. Back in October 2016, unsecured surveillance cameras were used to carry out a distributed denial of service (DDoS) attack using Mirai malware. This was the first highly publicized attack that leveraged Internet “things” for evil. With IP phones and UCC solutions becoming so popular, it’s not unrealistic to think that they too could be leveraged in some mischievous way if not secured.
Thankfully, we’re not helpless. If you’re concerned about the security of the UCC solutions you’ve put in place, here are a few pieces of advice:
Don’t take shortcuts—Most solution providers do a great job of properly configuring firewalls and servers for a website or email, often opening only the port or ports necessary and nothing more. However, when it comes to UCC technologies, unfamiliarity with the technologies can lead to solution providers taking shortcuts. All too often, we see firewalls weakened and hundreds of ports unnecessarily opened to get VoIP or, more likely, video working properly. This obviously creates a giant security risk. Check out this article on penetration testing to learn more.
Don’t overlook antivirus—Although UCC solutions are historically relatively safe, any network deployment that involves new IP endpoints and the opening of firewall ports comes with some inherent risk. Make sure you’re selling antivirus to your customers, and that it’s installed and working. It’s a simple yet effective solution to preventing many avoidable malware events regardless of their origin.
Know what encryption is necessary—UCC vendors will tout that they encrypt data in transit so there are some security measures put in place. However, data is also at risk when it’s at rest, and not every UCC vendor encrypts data at rest. Make sure your UCC solutions rely on encryption of data both in transit and at rest.
The above bits of advice are really just starting points. To secure your UCC solutions—or any other technology you provide—you really need to make security part of your corporate DNA. It’s important, and the stakes will only increase.