Dial fraud is something that most organisations shy away from, or simply feel will not happen to them. Unfortunately, any client that has gone through this experience, whether they have been hacked and/or received extortionate billing as a result, will warn you to make sure you have the most sophisticated processes in place to stop this becoming a reality.
Here is a quick checklist from Switch Communications to help you:
- Remove or de-activate all unnecessary system functionality, including remote access ports. If you must have the latter, protect them with strong authentication techniques.
- Restrict the numbers that employees can dial: for example, bar calls to premium rate numbers, international numbers, operator numbers or Directory Enquiries.
- Review your PBX call logging/reporting records regularly to spot any increases in call volumes or calls to suspicious destinations.
- Bar voicemail ports for outgoing access to trunks if you can. Change your voicemail and DISA (Direct Inward System Access) passwords regularly and don’t use the factory defaults or obvious combinations such as 1234 or the extension number.
- If access to trunks via voicemail is vital, then introduce suitable controls. Remove Auto Attendant options for accessing trunks too.
- Lock any surplus mailboxes until you have a user for them.
- Restrict access to your core comms equipment, such as your comms room or master terminals.
- Change your security features – passwords, PINs etc – and re-set the password defaults whenever you install, upgrade, repair or maintain equipment.
- Treat all internal directories, call logging reports or audit logs as confidential. Destroy them securely when they’re no longer needed.
- Avoid using tones to prompt for password/PIN entry: hackers find it easy to duplicate them.
- Implement formal processes to cover employee entry procedures, the issuing of passcards, the vetting of new employees, and what happens when people change jobs or leave. For the latter, remember to revoke any access they might have had to your systems, mailboxes or buildings.
- Review your system security and configuration settings regularly. Follow up any vulnerabilities or irregularities promptly.
- Be vigilant against bogus callers: people who pose as a company employee and ask to be connected to a switchboard operator to get an outgoing line.
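
The call-log review item in the checklist above, sketched as an added example (not Switch Communications' own code): it flags calls to the barred categories and days whose call volume jumps against earlier days. The prefixes assume a UK dial plan, and the CSV columns, the `spike_factor` threshold and the sample records are constructed for illustration.

```python
import csv
import io
from collections import Counter
from statistics import median

# Assumed UK dial-plan prefixes for the call types the checklist says to bar.
BARRED_PREFIXES = {"09": "premium rate", "00": "international",
                   "118": "directory enquiries"}

# Constructed call records; column layout is an assumption (exports vary by PBX).
SAMPLE_CDR = """date,extension,dialled
2024-03-04,201,01614960123
2024-03-04,202,02079460456
2024-03-05,201,01614960123
2024-03-05,203,118500
2024-03-06,201,01614960789
2024-03-06,299,0015550100
2024-03-06,299,09098790000
2024-03-06,299,0015550101
2024-03-06,299,09098790001
2024-03-06,299,0015550102
"""

def classify(number):
    """Return the barred category for a dialled number, or None."""
    if number == "100":  # assumed operator short code
        return "operator"
    for prefix, label in BARRED_PREFIXES.items():
        if number.startswith(prefix):
            return label
    return None

def review(cdr_text, spike_factor=3):
    """Return (calls to barred categories, days whose volume spiked)."""
    rows = list(csv.DictReader(io.StringIO(cdr_text)))
    suspicious = [(r["date"], r["extension"], r["dialled"], classify(r["dialled"]))
                  for r in rows if classify(r["dialled"])]
    per_day = Counter(r["date"] for r in rows)
    days = sorted(per_day)
    spikes = []
    for i, day in enumerate(days[1:], start=1):
        # Baseline is the median daily call count of all earlier days.
        baseline = median(per_day[d] for d in days[:i])
        if per_day[day] >= spike_factor * baseline:
            spikes.append(day)
    return suspicious, spikes

if __name__ == "__main__":
    print(*review(SAMPLE_CDR), sep="\n")
```

Run against a real export, any hit in the first list means a dialling restriction is missing or bypassed, and a spike concentrated on one extension or mailbox is the pattern to follow up first.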