The rapid growth of voice over Internet Protocol (VoIP) phone systems in business environments isn’t too surprising. There are cost savings to be had, for starters, not to mention potential usability and flexibility upgrades from old-school phone systems.


That said, individuals and businesses alike sometimes overlook a key consideration when it comes to VoIP systems: security. That’s a critical oversight. As with any Internet technology, you need to not just embrace the benefits but mitigate the risks inherent in doing anything online. In the same way that you protect — or should protect — your PCs, servers, mobile devices, websites and other digital assets, you’ll want to ensure the security of your VoIP system, too.


To get started, let’s look at three key understandings about VoIP security:


1. Know the potential threats. The most common online security problem in most organizations is ignorance. That’s true almost across the board: by remaining blissfully unaware of risks and best practices, you become the proverbial “low-hanging fruit,” a juicy target for online crooks. You can’t maintain a tight security perimeter without knowing the potential threats, after all. Denial-of-service attacks aren’t just aimed at websites, for instance; the same technique of overloading a system with requests in order to crash it and/or gain control of it can be used against a VoIP platform. Nadeem Unuth has a good list of threats to help you get up to speed.

2. Treat security as holistic. This whitepaper makes a straightforward, convincing point: Your VoIP system can only be as secure as your underlying network. In other words, if you currently ignore security best practices elsewhere on your network and in your organization, you’ve got bigger fish to fry. Remediating existing network security holes, preferably prior to your VoIP deployment, will go a long way toward minimizing risks.

3. Educate your team. While people are increasingly aware of phishing scams, malware, and other common Internet threats, they still tend not to think of their phone as a risk factor. Make sure your people understand that their phone is indeed a potential target, and treat it accordingly. Vishing (voice phishing) scams, for example, attempt to trick call recipients by showing fake Caller ID information from an apparently trustworthy source. Put guidelines and policies in place to ensure users don’t give out sensitive information too easily over the phone.