Calling security

Back to work after the Easter break and it’s time to check if your phone security stood up to the test of a long double bank holiday weekend. And this poses a problem. With potential fraudsters only targeting a small minority of businesses, how do you know that your system is safe unless it has successfully repelled a potentially fraudulent attack?

The first thing to say is that complacency is not an answer. Even though telephone fraud will only affect a minority of organisations, nevertheless telephone fraud worldwide is estimated to cost some £25.5 billion per year with the UK being the world’s third most targeted country. And although telephone companies and providers are constantly looking for ways to increase phone security, as with a lot of fraud the weak link is often the people who use the phone system.

For example, your state-of-the-art telephone security won’t be much good if your employees regularly share their telephone pin numbers or stick to the factory installed pin codes. And you may have restricted access to international calls or premium rate calls to a very few extensions; but here again your precautions won’t amount to much if those extensions are regularly left unmanned as people wander off to lunch or to meeting rooms.

That’s why it’s so important to take telephone security, alongside other to security measures, away from the mundane and the routine and make it a part of the culture and ethos of the business. When people are simply asked to follow processes the chances are that sooner or later they will get careless. When people are helped to understand the reasons behind those processes and are encouraged to actively think security for themselves, they are far more likely to maintain good telephone security techniques.

And yes, changing pin codes on a regular basis, switching off access to extensions when they are not in use, and carefully reviewing overseas and premium rate restrictions is a good place to start. But here again these are not the only solutions and every business should work carefully with its people and advisers to ensure that its approach to telephone security is appropriate for the business model.

There is one other area of business phone security which it is important for every business to understand and that is the way in which people interact on the telephone. Is personal or security sensitive information simply being divulged in response to a telephone request, or as part of an unguarded discussion? Do your people regularly take callers at face value or is there a call-back process in place? And are people encouraged to check before they act?

Independent verification and call-back may add to the timescale, but ultimately it could prevent the business from falling victim to fraud. And as long as the processes which you follow are appropriate and well explained, your customers are more likely to appreciate the care which you are taking. For example, one of our colleagues currently has two relatives in different hospitals; one of which checks the caller’s number on a preapproved list before divulging any information, whilst the other seems happy to release patient information without asking for any caller verification. Our colleague is far more appreciative of the care given by the hospital which verifies caller information.

No matter what automated processes are in place, ultimately telephone security is in the hands of your people. Perhaps it’s time that they took the lead in identifying and preventing potential causes of telephone fraud.

Written by Alison