PBX hacking is big business for criminals, with fraud losses estimated to be in the region of $4.4 billion. This type of fraud does not discriminate on size of organisation and the costs to businesses can be substantial.

Toll fraud – the unauthorised use of a communication system by hackers – is a method increasingly used by organised criminals who realise that while businesses are often up-to-speed in protecting their networks and PCs against sophisticated attacks, their communication solutions often prove to be a soft target. Organisations usually only discover they have become victims when presented with the bill!

You’ve been hacked!

Key indicators to look out for are a high volume of calls placed to international numbers from the same internal phone; a peak of long distance, out of hours calls; or an alert from your telephone operator showing multiple short-duration calls to a premium rate number. By this time you have probably been hacked.

Here are the top three factors that put your business ‘at risk’ to hacking: ageing systems, outdated security policies and careless configuration – particularly when it comes to integrating VoIP phones.

But if you answer ‘Yes’ to any of the questions below, then your business is at risk:

• Have the same system passwords been used for more than a year?
• Do end-users use default voicemail passwords?
• Are modems connected to the communication server?
• Are all end-users granted access to international numbers?
• Are telephone services provided to users outside the company?
• Has the system administration team recently undergone personnel changes?

Become a control phreak!

It is in response to this growing menace we have introduced a Toll Prevention Audit service to help companies introduce best practices and protection mechanisms to avoid many toll fraud scenarios. Here are the key elements of introducing best practice to help reduce toll fraud:

• Become a bit of a control ‘phreak’ yourself – Strengthen passwords and policies. Set call barring rules, password protect long-distance calls or premium rate numbers and implement external transfer and forwarding protection.
• Keep up to date with software releases and security patches – Hackers will evolve and so should you, which is why it’s critical to regularly assess your systems’ exposure to fraud. Keep software releases and vendor security patches up to date to ensure you benefit from the very latest product enhancements and technological evolutions.
• Introduce internal awareness – Educate employees about elementary security practices, as well as their duties and responsibilities. Remind them about confidentiality rules and to guard against revealing technical details about the communications systems.

Businesses who apply the right protection mechanisms can make themselves much less appealing to fraudsters, and by following these simple steps it’s possible to ensure your communications solution is not a easy target.

This article originally appeared on The Alcatel-Lucent Enterprise Blog and is re-published with permission