Secure Business Telephony

How security minded is your business? Do you have a simple burglar alarm, or perhaps you have security door locks and require all visitors to wear passes? Are certain computer files security protected, or maybe the invoicing and payment system is maintained under tight control?

However tight your security, it’s always the one area which you don’t even consider to be a potential risk which can lead to your downfall. And for increasing numbers of people and businesses, that area may well be the humble telephone. In fact, according to Financial Fraud Action UK losses due to telephone banking fraud rose 95% in the first six months of this year.

That means that in just six months, fraudsters netted £14.4m simply by telephoning individuals and businesses. In fact, the figure could have been much higher with bank security systems preventing 80% of attempted remote banking frauds. It’s not clear whether these figures include the £1 million handed over from a single company to fraudsters who phoned and pretended there was a virus on the firm’s banking system.

So what can businesses do to protect themselves against these types of frauds? One of the simplest and most effective measures is to train staff not to provide information or access to systems to unknown callers. In the past the standard advice was to put the phone down and call back but with fraudsters becoming increasingly more sophisticated, the advice has been expanded to ensure that the callback is made from a completely different telephone line or mobile. Remember, no reputable organisation will telephone and ask people for personal details, bank information or passwords.

It’s also important for organisations to consider whether they need to take steps to secure their telephone system. Areas for consideration include regularly changing telephone passcodes, programming the central switchboard to take down access to unused phones, and regularly reviewing call answering pathways to ensure that only authorised people have access to certain types of calls.

For example, you may not want your accountancy office telephone hunt group to include temporary or new members of staff. It may also be worth considering whether certain peripatetic members of staff should be provided with PIN access to help to secure their individual phone lines. And do you really need to allow your people to have full access to international and premium rate calls?  If your business is in the UK then bar calls abroad, or at the very least protect such calls with a PIN access code.  This will not only help to prevent unauthorised access it will also stop people from inadvertently calling back premium rate line scammers.

 Whilst we are on the subject of premium and international calls, it is worth taking steps to restrict access to phone lines when the office is closed.  Times like Christmas and Easter are particularly valuable for fraudsters as they have potentially unlimited access to your office and phone lines with little chance of being found out for several days. So take phone systems down when the office is closed or at the very least allow access only to trusted members of staff with a PIN code.  

However sophisticated your fraud prevention measures are, at the end of the day most security breaches come down to human failing or error. It is therefore important that the telephone security message is not simply buried in the procedures manual but is regularly reinforced. Security is a state of mind; when it comes to telephone security make sure your people have the need for security at the top of their minds.

Written by Alison