Cyber security: prevention is better than cure
A Gov UK survey, published in April 2023, revealed that 32% of businesses have suffered a security breach or cyber attack in the last twelve months.
For medium-sized businesses, this jumps to more than half, while 69% of large businesses have been affected. As they adopt more collaborative, cloud-based technologies, businesses must take better precautions to prevent cyber hacks, as UK and Ireland country manager Ross Slogrove, at VoIP business phone system provider Ringover, explores.
At best, cyber attacks are an inconvenience. At worst, they could prove catastrophic. It’s not just the disruption and cost implications that impact a business, but it’s also about the risk such attacks can pose on employee and customer data.
Supporting cyber awareness
Cyber attacks have been around as long as the internet. But in recent years their frequency and the creative ways used to infiltrate businesses has increased. And no one is exempt from being targeted. Often, cyber attacks are made possible by a lack of knowledge on the user’s part. The new cyber security briefing published in June 2023 by UK Parliament revealed that an estimated 95% of cyber attacks succeed due to human error as a result of opening attachments in malicious emails and using weak passwords. For example, Capita, the UK’s largest business process outsourcing firm, will reportedly lose £20 million after responding to a ransomware attack in March 2023.
The briefing also discusses how the overarching policy on cyber security is contained in the National Cyber Strategy (NCS) 2022. The strategy sets several objectives intended to achieve the Government’s vision that “the UK will continue to be a leading responsible and democratic cyber power, able to protect and promote our interests in and through cyber space in support of national goals.”
The NCS 2022 takes a ‘whole-of-society’ approach to cyber security, arguing that to improve the UK’s resilience to cyber attacks, the government must collaborate with private sector organisations and cyber security professionals. However, businesses cannot rely on others to see change. With IT systems vital to the functioning of society and the economy, businesses must ensure the systems used are as secure as possible.
Cyber credentials
While phishing is the most commonly reported cyber attack – with 83% of UK businesses reporting a phishing attack in 2022 – vishing, or voice phishing, is also on the rise. This method involves calling the target directly or leaving voicemails impersonating a reputable company in order to get access to confidential information, usually for monetary gain.
Which? reported in June 2023 that O2 customers were being targeted by vishing scammers who were promising a 50% discount on their phone bill. Those that accepted received a text message containing a passcode, which the scammers used to try and get into the customer’s O2 account to take out further contracts.
While victims of such scams were later contacted by the real company with advice on what to look out for in future, businesses must ensure they don’t fall victim to similar scams. And that begins with a secure business phone system.
Compared to traditional phone lines, Voice over Internet Protocol (VoIP) can be more secure. For instance, VoIP uses Session Initiation Protocol (SIP), which enables voice communication to be compressed and transmitted as media streams over the internet instead of traditional phone lines.
Furthermore, VoIP systems require login credentials that must be provided by users to establish a connection and multi-factor authentication can enhance security as it makes it challenging for unauthorized users to gain network access. Of course, VoIP doesn’t come without cyber risks. Businesses may face cyber threats due to the use of a Voice over Misconfigured Internet Telephones (VoMIT) tool, which allows cyber criminals to extract voice snippets and confidential information from the calls.
However, a secure VoIP software provider, such as Ringover, employs added security benefits through end-to-end call encryption, which ensures that the content remains unreadable even if hackers gain access. Additionally, Ringover complies with GDPR regulations as customer information resides in secure EU-based data centres at all times, and is also a member of RIPE Network Coordination Centre, to ensure calls are securely passed through the safest and some of the most reputable international telephone operators.
No business is immune from cyber attacks and robust procedures and checks must be in place to prevent avoidable disasters. Particularly for businesses looking to unlock the benefits of VoIP, it’s imperative they are well-informed about the security features of their chosen phone system, which play a vital role in ensuring the safety of their data, customers, and employees.