PhoneSuite - Blog

The State of VoIP Hotel Phone System Security in 2019

Written by PhoneSuite | Tue, Jun 18, 2019 @ 02:31 PM

In May of this year, the popular messaging service WhatsApp revealed that their system had a vulnerability that might have allowed hackers access to users’ phones. Considering that one of the primary selling points of WhatsApp is its end-to-end encryption, this was devastating news for its more than 1.5 billion users.

So what happened? Using the exploit, hackers were able to implant a powerful piece of malware on users’ phones simply by calling them — even if the user didn’t pick up. The implanted software would then allow the hackers to spy on users’ phone activity without their knowledge.

This was no ordinary hack — according to a WhatsApp spokesperson, “The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems.” Since the attack, investigators have concluded that the attack was linked to an Israeli cyber company called NSO, who denies involvement.

Why Is VoIP Security So Important?

In the old days of analog phone systems, there was only so much information that an intruder could get by compromising your phone systems. They could tell which numbers were called and for how long, but not who was at the other end or the content of the call.

Now, we’re firmly in the digital age. Your hotel’s systems are all online, from guests’ names, addresses, and phone numbers to sensitive financial information. Your guests trust you with all that information, and you owe it to them to keep that information safe.

Failure to keep your guests’ information private is an ethical issue — and, in today’s new age of information security regulations, probably a legal issue. But it’s also an issue for your business. Allowing your guests’ information to be compromised will ruin their trust in you. You’ll lose repeat business and future business, and the media coverage will only hurt more.

Biggest Threats To VoIP Security

Switching to a VoIP system is a no-brainer — it offers a wealth of features, efficiencies, and expansion opportunities that analog phone lines simply can’t offer — but the new digital connections also open you up to new risks.

Confidentiality

Since VoIP systems are integrated with more than just guest phone calls, from administrative duties to billing, any breach of one can create a problem with the whole system. Since your private internal data, guest data, security information, and hotel financials are all stored on your databases, maintaining the security of your systems is crucial.

Eavesdropping

Your guests expect privacy in their rooms, including when they place phone calls. And when you host business conferences or big events, your guests will often be discussing their own business info, which needs to be protected as well. Hackers have an interest in listening in on those conversations — even if you’re a small hotel business, you should be concerned about potential breaches.

In the old days, an eavesdropper would need physical access to your phone system in order to install the hardware they need to listen in. Today, such breaches are conducted remotely.

Intercepting Calls

Call interception is when a call is redirected to a new destination without the knowledge of the caller. Sometimes it’s just done for fun, but it can be nefarious as well — hackers can trick your guests into giving up their financial information by disguising themselves as your front desk, for example.

For a glimpse of how serious this threat can be, watch this segment of Last Week Tonight With John Oliver. In it, a caller is able to impersonate a reporter to the reporter’s mother, including his phone number, and dupe her into telling him her social security number.

VoIP technology is a double-edged sword — one of its biggest advantages is the ability to switch lines without inconveniencing the caller. For instance, if your front desk staff is busy, callers can be seamlessly redirected to a third-party service so they don’t have to be put on hold. But that convenience comes with security risks, so you’ll need to take precautions.

How To Increase Your VoIP Security

So we’ve told you what the potential problems are. What are you supposed to do about it? Some of the burden is on your VoIP provider — luckily, PhoneSuite has ironclad security protocols to keep your data and your guests’ privacy safe. That said, there are steps that you can take at your end to make yourself even safer.

Take Advantage Of Firewalls

A firewall is something that you set up on your internet service, independent of the VoIP provider that you use. Firewalls only let through certain traffic on your internet connection, so you can ensure that your VoIP telephony system is compatible but that unwanted data connections don’t sneak through.

Set up Encryption Protocols

Encryption encodes the information that passes over your phone and internet lines so that if anyone intercepts them, they’ll only see a string of random information instead of anything sensitive or useful. Most VoIP services already have encryption technology built in, so make sure that you’re familiar with how to use them and taking full advantage of their capabilities.

Finally, you can set up a virtual private network (VPN) to re-route all your internet traffic through a secure, third-party server. When it comes to sensitive data, redundancy is always a good policy.

Remember the Human Element

In order to keep your system up to date, you’ll need to make sure your antivirus and firmware software is updated — regular software updates might seem annoying, but they’re important to keep everything running safely.

But remember to consider physical security as well. Anyone with physical access to your systems, whether it’s your server rooms or one of your phones, will be more easily able to compromise your systems.

That means making sure that your employees are up to date on how to securely use your systems, log sensitive information, and transmit data back and forth. If an employee is let go, you’ll also need to ensure that they no longer have access to your systems.

The Future of Data Security

Data security will always be a concern — as hackers get smarter, so do software developers countering them. The most important thing you can do is to keep your software and systems updated — you might not know the ins and outs of your software, but the developers do, and they’re doing their best to keep it secure. With Phonesuite, you can rest assured that your telephony technology can keep pace with any new threats that arise in the digital world.