Comms Business Magazine talks to Channel Islands based JT Group, formerly Jersey Telecom, and asks, ‘No business would knowingly leave its front door open over the weekend, and invite anyone to walk in and use its phone system… or would they?’
Tim Ringsdore, Chief Relationship Officer, at JT Group says most businesses have proper physical security (known as door locks) to prevent that happening. Right? Well actually, no.
“In today’s world, a ‘break-in’ can be a very sophisticated attack indeed, one a user may only detect when they receive a telephone bill which is many times its normal size. The more ‘connected’ we get through technology enhancements, the greater the risk that our security can be compromised. And without taking some simple precautionary measures, businesses are just as open to a technological security breach and potential fraudulent activity as if they had left their doors wide open.”
Neil Kitcher is the Sales Director for JT and has seen this type of fraud escalate in recent years: “It’s gone from petty crime, to serious organised crime. Some premium rate numbers carry a connection charge of more than £1.00, which is levied even if the call time can be measured in milliseconds. If those calls are made often enough by either an automated system, or simply by unauthorised use of your phone system, the cost mounts up very quickly. Fortunately, we have been able to help clients implement simple systems to monitor what is happening on their network, and close down the possibility of this happening”.
Voicemail can also be a major vulnerability. JT have worked with clients who have had their voicemail hacked late on a Friday night (by simply guessing an unchanged pre-set password), and then reconfigured to make external calls to premium-rate numbers all weekend. Once the fraud was discovered on Monday morning, more than £20,000 in call charges had been accrued already.
However, fraudulent activity is not restricted to systems being remotely hacked. Unauthorised use of the phone system by people who have authorised access into the company office is also increasing. Physical access to a desk phone can result in a similar type of fraud previously mentioned by diverting calls or simply by personal calls being made to expensive destinations and a hacked system bouncing incoming calls back out again to selected external numbers. The growth in the number of staff members working from home adds a further dimension to this issue.
At the higher end, this activity can hopefully be identified by the ‘telco’ through irregular call patterns being picked up, rather than the affected company it-self.
But, sadly, if at a low enough level, this could go on for years – particularly if your only ‘check’ is to see if the monthly phone bill stays roughly the same; all you are really ‘checking’ is that the same amount of fraud has gone on undetected!
The good news is, since JT acquired Worldstone in 2012, we have further strengthened our position and can now even more comprehensively help customers ensure that their telephone systems are secure. This union of ‘telco’ with managed service provider has enabled us to deliver real insights and added value on this particular issue. Some are very simple, such as advising customers to ensure that they change the pre-set password on their phone and voice mail systems after it is installed – believe it or not, but 0000 or 1234 are not that difficult to hack, and the manufacturers’ pre-sets for most systems are readily available on the internet. Equally, through working very closely with our clients, and understanding their particular problems, we have learnt that solving this issue may be far more complex than a simple (and regular!) password change.”
Tim Statt, a Network Design Consultant at JT, has seen these types of fraud in action and uses that knowledge to help clients protect themselves: “Firstly, you need to make sure that the phone system is properly set up for the needs of the people using it; that means only those who need to dial a number with an international or premium rate prefix are able to do so; or you might make sure that only those users who really need to be able to set their phone to bounce incoming calls to another number (such as their mobile or home phone) can do that. In a way, you make sure that ‘exceptions are the rule’, meaning that most staff members can’t use these functions, except for the ones who really need to. Secondly, it can be worth investing in call logging software, so that you can monitor what calls are being made on your account, when and by whom. We help customers of all sizes by setting these systems up for them so that they automatically register unusual call patterns, and then alert you to a potential problem by text or e-mail.
Some phone systems may have previously been isolated and didn’t interface with the rest of the infrastructure, but with our help are now fully integrated parts of the IT system.”
Raj Dave, Director of Product Management for Worldstone explains; “To get a fully converged system right, it is necessary to really understand a customer’s requirements and likely usage. For example, we need to make sure those data-hungry parts of the new system, such as tele-conferencing or making video calls, doesn’t negatively affect the service quality in other areas of the company network. That means we need to be able to look at both the voice and data requirements, and design an integrated system which prioritises correctly, according to a customer’s actual needs – it also needs to be able to develop as those needs change. That is an important aspect of implementing a new converged phone system which is often overlooked.”
Tim Ringsdore concludes, “In summary JT we work with customers to ensure that the security of their telephone within the wider company IT network is effectively integrated. We recognise that this is critical to business success, not least in terms of cost control, by preventing them becoming the victim of an expensive fraud. Increasingly customers are coming to us for our expertise in this area as crime becomes more sophisticated, but so do the measures we deploy to protect our customers.”