The Ideas Distillery

Hacking telephone systems and information security

1/17/2019

Increasingly, hackers are gaining access to corporate phone systems, allowing them to place long distance and international calls through major telecom networks using local systems.

Your organisation could be a victim of this type of fraud and would be responsible for all phone charges. Usually the owner of the phone system isn’t aware it’s happening until an enormous bill from their phone provider arrives. Having a properly secured telephone system is the best way to prevent telephone hacking and mitigate the potential damage and resulting costs to your organisation.

A private branch exchange (PBX) connects the internal telephones of a private organisation, usually a business, to one another and to the public telephone network via trunk lines. It can incorporate telephones, fax machines, modems, and more.

Telephone hackers can infiltrate vulnerable PBX systems to make international and long distance calls, listen to voicemail, or monitor conversations. Victims of hacked PBX systems unknowingly allow the hackers to “sell” the use of their telephone system to others or provide the hackers with an opportunity to maliciously reprogramme their system.

Most PBXs today are software-driven and, when configured improperly, can allow hackers to access the system remotely. By controlling the PBX maintenance port, hackers can change the call routing configuration, alter passwords, add or delete extensions, or shut down a PBX, all of which can be disastrous for an organisation.

Some hackers call in on lines intended for customer use, some use stolen telephone cards, and some will even impersonate someone else to socially engineer their way into your system.

The better informed you are, the better protected you are from the risks. You need to stay on top of current threats, and establish and follow a security policy for your system.

The principal aim of telephone security is to deter hackers from taking control of a telephone system, as fraudsters after free calls will usually move on to other PBXs if it takes too long to break into a system.

Organisations shouldn’t underestimate the difficulties that can be experienced with this issue. In 2006, the first cybercrime survey conducted by the Information Systems Security Association found that 29 per cent of large organisations had fallen victim to telecom fraud at some stage.

In October 2011, the Communications Fraud Control Association reported the results of its 2011 Worldwide Telecom Fraud Survey, which put estimated annual fraud losses at over £25 billion and found that the top five countries where fraud originates include the United States, India, and the United Kingdom.

Some risks come from, for example, maintenance ports on PBXs, which hackers can easily exploit when the ports are left open and are protected only by weak or default passwords.

Organisations often use simple passwords such as 0000, 1234 or the same number as a particular phone extension, which hackers can easily guess to break into the system and run up large phone bills without the victim knowing until they receive their next bill.
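As an added example (not from the original article or any PBX vendor), the following audit flags the weak PIN patterns described above in an exported list of extensions. The record layout, the list of common PINs and the six-digit minimum are assumptions made for illustration.

```python
# Added example: flags the weak voicemail/extension PIN patterns named above.
# Record layout, rule wording and MIN_LENGTH are assumptions for illustration.
COMMON_PINS = {"0000", "1234", "1111", "4321", "9999", "2580"}  # constructed list
MIN_LENGTH = 6  # assumed policy minimum, not a figure from the article

def is_sequential(pin):
    """True for ascending or descending runs such as 2345 or 8765."""
    if len(pin) < 3:
        return False
    steps = {int(b) - int(a) for a, b in zip(pin, pin[1:])}
    return steps in ({1}, {-1})

def pin_findings(extension, pin):
    """Return the list of weaknesses found for one extension's PIN."""
    if not pin:
        return ["no PIN set"]
    if not pin.isdecimal():
        return ["PIN is not numeric"]
    findings = []
    if pin in COMMON_PINS:
        findings.append("common or default PIN")
    # Catches PIN == extension, its reverse, and the extension repeated.
    if extension and (pin.replace(extension, "") == "" or pin == extension[::-1]):
        findings.append("same as extension number")
    if len(set(pin)) == 1:
        findings.append("single repeated digit")
    if is_sequential(pin):
        findings.append("sequential digits")
    if len(pin) < MIN_LENGTH:
        findings.append(f"shorter than {MIN_LENGTH} digits")
    return findings

def audit(records):
    """Map extension -> findings, listing only extensions with a weakness."""
    report = {}
    for extension, pin in records:
        findings = pin_findings(extension, pin)
        if findings:
            report[extension] = findings
    return report

# Constructed sample export of (extension, PIN) pairs.
SAMPLE = [("201", "0000"), ("202", "1234"), ("203", "203"),
          ("204", "204204"), ("205", "738194"), ("206", "")]

if __name__ == "__main__":
    for ext, issues in audit(SAMPLE).items():
        print(ext, "; ".join(issues))
```
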

You can combat this by installing systems that can bar access to premium rate numbers or even block international calls if the business doesn’t need them.

If you would like to look at how to implement an ISO 27001 information security management system, then simply contact us.

Or, if you want to see what's involved in more detail, then get a completely free, no obligation, totally tailored ISO Gap Analysis for your business (only available to UK businesses).
