Data Security for Business Telephone Systems: A Guide

Over the course of the past two years, the rise in threats to data security – both on an individual level, and a business level – has been nothing short of dramatic.

In some ways, a development like this is to be expected.

As the capabilities of modern technology evolve and become more sophisticated, so too will the nature of the risks and threats it can present to us – or that it can be used to create.

Throughout 2018 and 2019, ransomware and cybercriminal activity targeted at commercial organisations and supply chains had already been steadily mounting.

But the turbulence of 2020 created a perfect storm for new data threats and vulnerabilities to emerge, eventually culminating in a record-breaking year for data losses, breaches, and cyberattacks…

According to Beaming, UK businesses each faced an average of 686,961 attempts to breach their systems; 20% more than in 2019

Scam calls shot up by an enormous 850% in the US alone, according to data from Hiya

And according to the Guardian, the UK’s cybersecurity team has taken down more scam campaigns and fraudulent websites between 2020 and 2021 than in the previous three years combined.

Employee errors and lessons in awareness

But this rise in breaches and attacks was down to more than just the advance of technology.

It was also down to opportunism.

Exploiting the global atmosphere of urgency and panic, but most significantly the lack of readiness among the countless organisations and businesses forced to go remote with immediate effect.

And this sudden short-term plummet in resilience experienced by teams around the globe revealed something – the average levels of training, knowledge and awareness regarding data security threats and precautions were, and continue to be, frighteningly low.

How organisations are increasing the resilience of MS Teams

While strides forward have been made since 2020, statistics show that data security preparedness among businesses still leaves something to be desired across the board.

Most businesses have bad habits to weed out, and training needs to be undertaken.

According to the Ponemon Institute, while breaches are often attributed to external threats, nearly 66% of all data breaches are due to negligence, system glitches, and human error.

On top of that, Retarus recently reported that:

Less than 23% of organisations have an incident response plan in place

43% of companies didn’t conduct a data security risk assessment last year

And nearly 80% of senior IT security leaders think their business lacks sufficient data protection – despite having raised their security investments in 2020.

Data security and business telephone systems

When we hear the word data, we tend to think of stored files on a computer, or personal data connected to a social media platform or online account.

But the vast majority of modern communications devices create and transmit huge amounts of data as part of their day-to-day use.

Data security therefore, isn’t just something that concerns your IT department. It is something that concerns your entire business communications infrastructure.

Many business telephone systems for example, use what is called an Internet Protocol, or IP.

Unlike the PSTN systems of the early 20th century, which transmitted analogue voice signals over copper wire, Internet Protocol works by converting voice inputs into millions of data packets, which are rapidly sent to the recipient over the internet.

If you’re a business using some form of IP telephony, you are having countless confidential calls and messages, relaying potentially commercially sensitive or business-critical information.

Ensuring the voice data on these calls remains protected and isn’t open to abuse or manipulation from an external attacker, is vital.

And as we near the brink of a sea change in Internet Protocol adoption, it is imperative all organisations across all sectors become aware of how migrating to an internet-based telephone infrastructure will change their current security considerations.

Otherwise, we may find ourselves vulnerable to another surge of exploitative and opportunistic threats to our data security.

Approaching the ISDN Switch Off

For those not already in the know, or that haven’t read it elsewhere in our previous content, by 2025, the UK’s existing telecommunications network will be switched off for good.

From then on, everyone will have to adopt an IP telephone system.

Which is a good thing.

For many businesses it is a long overdue change, and the huge benefits these systems can bring in terms of reducing costs while increasing flexibility, performance and business longevity, are more than worthwhile.

But this also means that many businesses are having to take a step into the unknown, and not only that, doing so during a time of increased vulnerability.

Why now is the time to prepare

As more and more businesses adopt internet-based phone systems, data-driven communications will expand, and so will the need for the highest levels of protection concerning your communications data.

Businesses that are yet to migrate their phone system to an internet protocol need to ensure they apply due care, time and consideration to their investment decision.

Especially if they want to preserve the security of their data, and the longevity of their business.

As we approach the date of the ISDN switch off, organisations not only need to identify and action their training needs, but they also need to ensure they invest in a reliable telephone system, with high-level security in its DNA

Read our blog on the 5 Qualities of a Secure VoIP phone you can trust

What makes a reliable business telephone system?

There are 5 key characteristics of a reliable telephony solution.

And when we say solution, this refers to both the standard of the telephone software itself, as well as the service it comes with.

We’ll lay them out here, before covering each one in depth.

End-to-end data encryption
Secure external data centres
Geo redundant infrastructure
Stringent adherence to the latest standards
Skilled, on-hand technical support

End-to-end data encryption

This is a term you might have already heard if you’re familiar with certain aspects of IT security.

In layman’s terms, end-to-end encryption refers to the practice of making sensitive data unreadable or inaccessible to those who are not authorised to read or access it.

This means that if it falls into the wrong hands or is intercepted during transfer, it cannot be exploited for malicious use.

With end-to-end encryption, the data in question can only be accessed in a clear and readable state by someone who can pass a multiple-step identity verification, to prove that they have the right to view the data, or by using what is known as an encryption key.

How do IP protocols use encryption?

As mentioned above, in the case of IP telephony, voice information is transmitted in the form of data packets. This data can also be encrypted, to help protect businesses from eavesdropping, and other potential communications breaches.

The right IP telephony solution will ensure all data and calls are encrypted, and therefore protected against external attackers.

The usual method for voice encryption is called Secure Real-time Transport Protocol (or SRTP for short).

Click here to find out more about SRTP and voice encryption

Secure external data centres

In the days of PBX and other on-premise phone systems, communications data, along with the actual phone hardware itself, would be stored on site.

Typically this would be in a dedicated server room, or the basement of a company’s office building.

It was also typical that these storage areas were left unprotected – with no surveillance, and no security detail to speak of.

A lot of us will think of data security in terms of blocking hackers that are attempting to obtain sensitive information from a remote location hundreds of miles away.

But the truth is that high-level data security can only be achieved by safeguarding your business from physical breaches as well.

Learn more about data centre security and why it matters to your business

Why off-site data centres are the best option for security

Having an external data centre means having your communications infrastructure stored and managed at a secure and remote location.

It’s the telecommunications equivalent of choosing to store your savings in a secure bank vault, rather than under your mattress at home.

External data centres come with numerous benefits that will serve to keep your data and your communications infrastructure more secure.

Data centres are overseen by a dedicated team of data security professionals, they have robust failsafe procedures, and the operators of these centres are legally obliged to adhere to the most stringent regulations and legal requirements around data storage.

Geo redundant infrastructure

Remember what we said about the security provided by external data centres?

Geo redundancy takes the security credentials of a data centre even further.

In short, a geo redundant communications infrastructure is one that works from several data centres, based in a number of different geographical locations.

From a security perspective, the main benefit of geo-redundant infrastructure is that it provides a highly resilient failsafe in the event of an unforeseen disaster or emergency.

Keeping your communications up and running no matter what.

If one data centre managing your service goes down, the data and service you receive can immediately failover and connect to the secondary data centre

This serves to safeguard your telephone connection, and your business communications in general, from almost any risk.

Whether one data centre is subject to a power cut, or even something as dramatic as a fire, earthquake or tornado, your critical applications and data will remain available with zero interruption to your service

Data breaches and downtime

The relationship between business data and downtime is somewhat of a chicken-and-egg situation.

Many instances of downtime, other than those caused by a power outage or natural disaster, are caused by cyberattacks or deliberate forms of data breach.

Equally, downtime itself is also a significant contributor to data breaches, as well as the loss of data.

50% of enterprise employees have reported losing access to critical data during a network outage. And this percentage is even higher among smaller businesses.

During downtime, employees are also more likely to use unvetted third-party services as a workaround – such as Dropbox or WeTransfer – which can place business-critical and commercially-sensitive information at serious risk.

This is why minimising communications downtime is critical for businesses wanting to achieve higher levels of data security.

And why opting for a cloud telephony solution that works on geo-redundant architecture will provide your business with a significant security benefit.

Stringent adherence to the latest standards

Whether it’s security best practices, legal requirements or regulatory and compliance controls, a reliable cloud-based telephony service will be built on the most stringent standards and principles.

Your cloud telephony provider will process masses of confidential data on behalf of your organisation on a daily basis, so they have a duty to ensure it is handled and processed safely and responsibly.

The best IP telephone solutions are purpose-built to make compliance and regulatory adherence easier.

Phone systems that store data in unprotected server rooms, or data centres in countries that are subject to different regulations can make compliance far more complicated than it needs to be.

Or worse, they can even place you at risk of noncompliance, which comes with the costly repercussions of heavy fines and potential reputational damage.

When researching your business telephone system, look out for security certifications and accreditations, and cross-reference these with the required standards for your industry and location.

For us as providers to the UK and the EU, security by design, GDPR, and other EU data protection laws are a good start.

And if you’re investing in a phone system for a contact centre, PCI and FCA compliance are paramount.

Learn more about PCI and FCA compliance for contact centres

The most secure solutions will also offer regular checks and audits conducted by trusted third-party security experts as part of your service level agreement.

Skilled, on-hand technical support

A lot of communications systems and data-driven collaboration tools work on a self-service basis.

While that isn’t necessarily ineffective or undesirable – particularly to larger companies who have the resource to handle technical issues in house – having on-hand technical support included as part of your service offering is generally a good sign.

It’s an indication of both a telephone system that you can trust, and a provider that treats the security of you, your business and its assets as a top priority.

Look for something that is dedicated, round-the-clock (this is vital if you manage an international team), and that does not set a cap on support hours per month.

Is the cloud a cause for concern?

In the early days of cloud technology, the vast majority of new cloud-based systems were faced with overwhelming concerns about security.

Since then, cloud-based technologies have reached exceptional new heights, repeatedly demonstrating that they are secure and reliable.

In fact, with cloud technology being at the point it is, any remaining security concerns one could have would arguably not be due to the cloud itself, but more due to how the cloud is used – whether that’s by the business or service provider in question.

True to this, as far back as 2017, Gartner boldly stated that by 2025, 99% of all cloud security failures will be the user’s fault.

Plus, using a service that is managed by a third-party service provider – dedicated to keeping your communications up and running, and your data secure – leaves you far less vulnerable to risks posed by human error when compared to a solution that is managed and stored in house.

Why we recommend a cloud-hosted telephony system

By design, cloud-hosted telephony (or simply cloud telephony) fits many of the criteria outlined above.

And while every service is different and will not necessarily match every characteristic, the best ones on the market certainly will.

Cloud telephony is a software-based solution, meaning that rather than being powered by bulky hardware systems stored on site, it is managed and operated via the cloud by a third-party service provider, from one or more remote data centres.

Some organisations may prefer the idea of maintaining full control and ownership of their communications infrastructure, and opting for solutions like SIP Trunking.

However, not only does owning your communications infrastructure require significant upfront investment, and resource demands for installation and maintenance, it also means that keeping things up and running is an in-house responsibility.

And we all know how quickly in-house resources can become strained and stretched.

With a cloud-based solution managed by a third party, you can rest assured that you have a dedicated team handling the upkeep and performance of your telephone systems.

After all, keeping you up and running is built into the provider’s business model!

Plus, regular testing of their backup and disaster recovery processes is a requirement for cloud providers looking to achieve the necessary compliance certifications.

And, the data centres they use are subjected to regular audits and strict regulatory controls.

Data security for business telephone systems: the takeaway points

2020 and beyond have seen a steady rise in data security threats snowball into an exponential surge.

With attackers exploiting the vulnerabilities of remote teams, insufficient internal practices and precautions, as well as the general atmosphere of panic, the need for businesses to raise their standards of data security has never been more apparent.

In a matter of years, all organisations will have migrated to an IP telephony system. If they haven’t already, now is the time for decision-makers to prepare for this upcoming sea change, ensuring that the solution they invest in for the long-term is reliable and secure.

With data-driven Internet Protocol set to become the standard for all business telephone systems, it is clear that data security is not simply a concern for your IT department - it is a concern for your entire communications infrastructure.
With the ISDN Switch Off on the horizon, businesses need to take due time and care and research the right telephony solution for them. Most importantly, given the current climate of data security threats, it needs to be reliable and secure.
There are 5 key characteristics of a reliable IP telephony solution, we recommend looking for these to ensure you have the most secure option available:
- End-to-end data encryption
- Secure external data centres
- Geo redundant infrastructure
- Stringent adherence to the latest standards
- Skilled, on-hand technical support

Leading cloud telephony solutions are secure by design. Plus, as a managed service with a dedicated team, it drastically reduces the risk of data breaches caused by human error.

NFON delivers secure, reliable cloud telephony solutions to businesses across the UK in Europe, in line with the most stringent data protection regulations.

Talk to our team today to find out how we can help you.