The Best Defense is a Good...Password Protection Policy

Recent media reports have been filled with news of hackers breaching secure business databases. With security top of mind, we wanted to remind our customers of a few steps that can help ensure that your phone system remains safe.

As in many sports, the best defense is a good offense – in this case, the offense is a strong password protection policy. Create a solid policy that best fits your users and your business needs. Then make sure each employee is aware of, and implementing, that policy.

Keep Your Password Private

The first step is to make sure that everyone on your staff understands that Alternate Access will never contact them to ask for your system password. Repeat that mantra several times. Have your staff repeat it.

It may seem like common sense, but scam artists can be convincing, especially when they catch you off guard. A common toll fraud scam begins with a caller stating that they need your system password in order to provide technical support for it. Once the scam artist has that password, he or she can access your system to place outbound long distance or international calls.

Implement Password Standards

Your business may benefit from enforcing company-wide password standards, such as instituting a minimum password length. Generally speaking, four to six digits is an optimal length for your password – long enough to challenge a hacker and short enough for you to remember. For consistency, it is wise to pick a set length for all employees to use.

Another good standard is to forbid the use of certain easy-to-guess digit strings. Passwords containing your extension number, consecutive digits (1234) or repeating digits (5555) are not secure and make it easier for hackers to gain unauthorized access.

Remember, select a password that is easy for you to remember but not easy for others to guess.

Finally, you may want to create a schedule for changing voicemail passwords – quarterly or more frequently if needed. Your system administrator can configure your security settings so that employee passwords automatically expire at regular intervals. Another layer of security can be added by locking out a user after a certain number of failed login attempts. Your system administrator would then have to reset the user’s password.

Other Considerations

Implement a routine system security audit to expose any passwords that do not meet security standards. Then have users update those passwords using the best practices already mentioned in this article. If you are not sure how to complete an audit the first time, call Alternate Access for assistance.*
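As an added illustration (not part of the original article or any Alternate Access tool), the Python sketch below checks a list of extensions and passwords against the standards described above: a set length, no extension number, no consecutive digits and no repeating digits. The set length of six, the three-digit run threshold, the treatment of descending runs (9876) as consecutive, and the sample data are assumptions made for the example; it also assumes your administrator can supply the extension and password pairs.

```python
import re

PIN_LENGTH = 6  # assumed: one set length within the article's four-to-six range
MIN_RUN = 3     # assumed threshold for flagging sequential or identical runs


def has_sequential_run(pin, run=MIN_RUN):
    """True if pin has `run` digits stepping by +1 or -1 (1234, 9876)."""
    for step in (1, -1):
        streak = 1
        for a, b in zip(pin, pin[1:]):
            streak = streak + 1 if int(b) - int(a) == step else 1
            if streak >= run:
                return True
    return False


def has_repeated_run(pin, run=MIN_RUN):
    """True if one digit appears `run` or more times in a row (5555)."""
    return re.search(r"(\d)\1{%d,}" % (run - 1), pin) is not None


def pin_violations(extension, pin):
    """Return the rules a PIN breaks; an empty list means it passes."""
    if not (pin.isascii() and pin.isdigit()):
        return ["not numeric"]
    problems = []
    if len(pin) != PIN_LENGTH:
        problems.append("wrong length")
    if extension and extension in pin:
        problems.append("contains extension")
    if has_sequential_run(pin):
        problems.append("consecutive digits")
    if has_repeated_run(pin):
        problems.append("repeating digits")
    return problems


def audit(mailboxes):
    """Map each failing extension to its violations; PINs are never echoed."""
    report = {ext: pin_violations(ext, pin) for ext, pin in mailboxes.items()}
    return {ext: problems for ext, problems in report.items() if problems}


# Constructed sample data (extension -> PIN), not from any real system.
SAMPLE = {"4172": "417259", "4173": "123456", "4174": "555500",
          "4175": "8401", "4176": "739158"}

print(audit(SAMPLE))
```

The report lists only the extension and the rule it broke, so it can be shared with staff without exposing anyone's password.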

Make sure that VoIP phone systems, which are interconnected to the Internet, are protected by the right type of firewall. Also, limit dialing privileges (e.g. no long distance) on extensions that are in common areas that may be used by anyone.

Ask Alternate Access what built-in security features your phone system has.* Depending on the system, you may have access to security tools that can help make the process easier.

Remember, Alternate Access and its vendors will NOT contact you for your password. If someone contacts you claiming to be from your vendor and requests your password - DO NOT GIVE IT TO THEM. Hang up the phone and immediately report the incident to your administrator. If you have given out your password, contact your administrator immediately so they can alert your co-workers and take the appropriate action to safeguard the system.

Instances of phone hacking do occur, but you can take steps to defend yourself against hackers. Use the information in this article to create a password policy to suit your business, and educate your staff on the policy so that your “offense” truly becomes your best defense against toll fraud.

Access to help you ascertain the best solution for your business model.