Guest Column: UC Security: A Few Best Practices

By David Portnowitz, Star2Star

As ransomware, hacking incidents and massive data breaches continue to play out in the headlines, organizations that rely on VoIP and unified communications (UC) should take stock of what they can do to lock down their systems from attack. It’s a crucial piece of the to-do list for 2018, given that last year set the record for both the most breaches and the most data compromised in a year, with several new trends (like a surge in cloud storage misconfigurations) characterizing the proceedings.

According to Risk Based Security’s 2017 Data Breach QuickView Report, there were 5,207 breaches recorded last year, surpassing the previous high mark, set in 2015, by nearly 20%. The number of records compromised also surpassed all other years, with over 7.8 billion records exposed, a 24.2% increase over 2016’s previous high of 6.3 billion.

Here are five considerations for securing your UC system:

Protect Communications Channels. Above all, you need to protect against unauthorized access to sensitive communications and information, and take steps to guarantee that the integrity of that data has not been compromised by insecure interactions that may allow proprietary information to be intercepted. This generally involves encryption, strong authentication and an audit of who has access to what information and under which circumstances. Focus on how the UC system will be used in its different modes of communication (voice, web conferencing, video calls, presence, etc.) and consider whether restrictions on their business use are needed.

Compliance. It’s also critical to perform compliance audits to make sure you’re on the right side of a variety of industry and government regulations surrounding data privacy. To do this, you need a way to track usage of voice, messaging and video communications for auditing, compliance and business planning purposes. Regulations include the well-known HIPAA requirements in the medical field, a range of financial industry requirements, and new rules on the horizon, like the EU’s General Data Protection Regulation, or GDPR, set to go into effect in May. It covers any company that has any dealings with European citizens, and carries strict requirements for data safety. Non-compliant organizations face strict penalties of up to 4% of global annual turnover.

Implement Network Security. IP voice and other UC packets represent just another type of traffic on your network, so the general best practices for network security apply. It’s important to use firewalls to prevent unauthorized traffic from entering or leaving your company’s network, which will help protect your business from attacks and malware. Other forms of network access control (NAC), along with intrusion protection and detection and more, will also help to establish a perimeter around your crown jewels.

Don’t Forget Mobile. Especially in this era of bring-your-own-device (BYOD) and remote workers connecting to corporate resources via public Wi-Fi connections, companies must make sure that communications on employee mobile devices are secure. That applies whether they connect over internal or external wireless LANs, cellular or wired networks. Using strong, two-factor authentication and encryption is key, as is VPN functionality for users who connect from home or a public Wi-Fi hotspot. Mobile device management software is available for locking down company functions on a user device as well.

Patch, patch, patch. Performing regular maintenance and keeping security protections up to date on both endpoints and the UC system itself should not be a “nice to have.” Taking advantage of unpatched systems with known security flaws is one of the top ways that bad actors enter company networks to install malware or exfiltrate data. Patching can be a labor-intensive process, but the effort it takes can prevent significant brand and financial damage down the road.