As you may have seen, an uptick of phone-based ransomware attacks has recently been in the news.  While attacking a business through their phone system has been around for many years, the bad actors are looking for new ways to creatively change up their old methods.


What We’ve Seen

Recently, we’ve seen cloud-based phone systems being the target of these ransomware attacks.  In some instances, there are DOS attacks (being attacked by a single IP address) or DDOS attacks (being attacked by multiple, normally hundreds or thousands of IP addresses) that are specifically targeting a business’ phone system, sending so much traffic to the business’ phone lines that normal calls are not able to get through.  In essence, this is shutting down the business’ phone lines.  In other instances, the bad actors are able to get into a business’ phone system and make long distance calls.  They can run your bill up tens of thousands of dollars without you having any idea the calls are being made until you receive your monthly bill.


What Can You Do?


There is no one way you can completely keep your business from being a target, but there are steps you can take to keep your business more secure; similar to putting a security company’s sign in your front lawn won’t keep burglars out, but could deter them just enough to choose another house.  If you wait till a DOS or DDOS attack has already occurred, you’re too late.  It’s always better to plan rather than react.


“It’s Always Better to Plan Rather Than React”


One option to help secure your business, although it can be costly and complex, is utilizing an Intelligent Threat Detection System.  If you go this route, you’ll want to employ the assistance of your IT provider.

An easy and simple protection everyone should follow is changing your default voicemail and admin passcodes.  Similar to the importance of changing any default passwords you’re given, it’s vital to also change default phone and voicemail passcodes and keeping them secure.

Another mechanism that can make it harder for the bad actors to attack your phones is using a hybrid phone system rather than a completely cloud-based platform.  With a hybrid system in place, your business’ phones cannot be directly attacked.  There are generally also firewalls in place for multiple interfaces within the phone system adding to the layers of security.

As with all aspects of security and cybersecurity for a small business, education is key; educating both the business leaders and all of your employees.  It’s also vital to have a security policy in place that includes how your business is working to prevent DOS and DDOS attacks.  And as with any policy, it’s important to ensure that the policy is being implemented and followed and isn’t just another pretty binder on your bookshelf.


How Can I Get More Help?

If you’re concerned and want to help your business stay more secure in today’s ever-changing security landscape, contact us today.