Don’t keep me hanging on the telephone
Terry Faria, Telecommunications manager at Quiss Technology plc*, explains that for many UK law firms there is a significant risk to the security of their communications that is largely being ignored…
Telephone system fraud is a growing problem, with many businesses falling prey to the scammers, some without yet realizing it. The problem only really comes to light when an unexpectedly high telephone bill arrives and by then it’s too late. Hackers have already accessed the phone system and run up huge bills, generally for overseas phone calls, without anyone being aware.
The crime has become an organized fraud netting criminals huge profits. And they are not just targeting large corporations; there is growing evidence that law firms are being targeted in increasing numbers, as they are seen as an easier target, with their growing exploitation of mobile technology.
Law firms are working hard to secure their data networks and ensure compliance with the Data Protection Act and the SRA guidance, but the telephone system is something of a blind spot. For most organisations, regardless of their size, managing their phone system can be a problem, with the setting and regular changing of voicemail passwords something that often gets overlooked. Users also pick easy-to-remember passwords to protect their voicemails and these can be easily guessed by hackers.
Phone systems can be remotely accessed to allow system administrators to change the configuration and alter settings. But there is growing evidence that some installation engineers are employing hidden backdoors into the systems and members of staff are deliberately revealing passwords to allow undetected access. Once a fraudster has gained access it is relatively easy to set up a call forwarding feature. It allows anyone in the UK to call the compromised system at a local or national rate and the call will be forwarded to a foreign destination at the expense of the organisation that owns the hacked system.
Hackers also target obsolete extensions on a host system, crack the voicemail code and force the system to dial international premium rate phone numbers owned by the hackers. This scam recently cost Hambleton District Council in North Yorkshire approximately £30,000 in just two days. There is little chance of redress, as the system owner is contractually obliged to pay the bill, whatever the amount. Prevention is the key.
There is a lot that can be done to significantly reduce the risk of being defrauded. Regularly changing passwords and ensuring they are robust enough is a start. Asking your service provider to bar calls to international numbers and country codes not on a specific list will lessen the damage should a system be hacked. Some of the features of phone systems, like call forwarding, are a benefit to organisations, but a security audit will throw light on the weaknesses of any system and help determine which features are useful and which rarely used features present a risk.
The simple solution is to deal with reputable service providers, ideally those with an understanding of both data and voice networks. Ensure they secure your system and monitor it regularly for evidence of attacks or security breaches. But whoever you choose to talk to, don’t ignore this issue or you could be next.
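As an added illustration (not part of the original article or anything supplied by Quiss), the sketch below shows what regular monitoring can look like in practice: it reviews call records for the warning signs described above, namely international destinations outside an allow-list, forwarded international calls, calls from obsolete extensions and out-of-hours activity. The record layout, extension numbers, allow-list and office hours are all assumptions, and the sample records are constructed.

```python
from datetime import datetime

# All values below are assumptions for illustration, not from the article.
ALLOWED_COUNTRY_CODES = {"33", "353"}   # country codes the firm really calls
RETIRED_EXTENSIONS = {"2317"}           # obsolete extensions still configured
OFFICE_HOURS = range(7, 20)             # 07:00-19:59, Monday to Friday

# Constructed call records: start,extension,dialled,seconds,forwarded(0/1)
SAMPLE_CDR = """\
2024-03-04T10:15:00,2101,02079460000,180,0
2024-03-04T11:02:00,2105,0033155500100,600,0
2024-03-09T02:14:09,2317,0099955500100,3540,0
2024-03-09T02:20:00,2140,0099955500101,3600,1
"""

def parse_cdr(text):
    """Yield one dict per non-empty CSV line."""
    for line in text.strip().splitlines():
        start, ext, dialled, secs, fwd = line.strip().split(",")
        yield {"start": datetime.fromisoformat(start), "ext": ext,
               "dialled": dialled, "secs": int(secs), "forwarded": fwd == "1"}

def on_allow_list(dialled):
    """True if the digits after the UK '00' prefix begin with an allowed code."""
    return any(dialled[2:].startswith(cc) for cc in ALLOWED_COUNTRY_CODES)

def review(rec):
    """Return the reasons a call deserves a look (empty list = nothing odd)."""
    reasons = []
    if rec["ext"] in RETIRED_EXTENSIONS:
        reasons.append("call from retired extension")
    if rec["dialled"].startswith("00"):          # international from the UK
        if not on_allow_list(rec["dialled"]):
            reasons.append("destination not on allow-list")
        if rec["forwarded"]:
            reasons.append("forwarded to international destination")
        t = rec["start"]
        if t.weekday() >= 5 or t.hour not in OFFICE_HOURS:
            reasons.append("international call out of hours")
    return reasons

def flag_calls(text):
    """List (extension, dialled number, reasons) for every suspicious call."""
    return [(r["ext"], r["dialled"], why)
            for r in parse_cdr(text) if (why := review(r))]

if __name__ == "__main__":
    for ext, dialled, why in flag_calls(SAMPLE_CDR):
        print(ext, dialled, "; ".join(why))
```

Run daily against the phone system's call log, a check like this surfaces the weekend burst of long international calls within hours rather than when the bill arrives.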
* Quiss Technology plc helps clients improve the performance of their organisations through the appropriate IT and telephony infrastructure, expert advice and practical support. Client service is key to their offering and the firm’s ISO Quality Standard accreditation stands testament to the importance attached to maintaining exemplary service levels. Quiss is a Microsoft Gold Certified Partner and operates from headquarters in Tamworth, Staffordshire and offices in Harrow, North West London. www.quiss.co.uk