How to secure UCaaS in the post WannaCry world
Unified communications as a service (UCaaS), the cloud delivery model for enterprise communications, is known for providing flexibility and scalability for core business tasks, as well as for offering a more consistent user experience for remote and mobile workers, writes Jon Loftin, the head of unified communications at Powwownow.
While unified communications has become more widespread and enjoyed innovative developments over the past few decades, with two million businesses in the UK having adopted hosted voice solutions, security measures and cyber best practise haven’t always kept pace. By October 2017, for example, over 55 million records of personal data had been leaked in the UK alone.
Sensitive data is at risk of being stolen, and cloud-based solutions are no different, requiring protection against data breaches, denial-of-service attacks, malware and other cyber threats. Consequently, it is increasingly important to put in place practical security measures for the benefit of staff, customers and businesses.
Ensure your supplier is IS27001 certified
With an ISO 27001-compliant information security management system (ISMS) in place, an organisation itself is usually well secured and up-to-date with its GDPR compliance. However, you should also be sure to check your supplier’s GDPR policies in terms of understanding what data they will be keeping on customers, where recordings will be stored, and what fraud protection is in place.
With hosted solutions, the supplier must maintain the SLA (Service Level Agreement), laying out the service arrangements and obligations that have been offered, while the customer needs to check the hosted company has implemented these policies.
Hosted systems do represent lower risk than a customer’s own PBX-type of solution, because the call data is retained on the supplier’s servers instead of being held by the end customer. The supplier will also have several highly trained security specialists on hand that would be a large outgoing for the SMEs to fund themselves.
Educate all workers on the importance of strong passwords, which are a simple method of maintaining safety. Changing your password regularly and using a minimum of 16 characters alongside uppercase and lowercase letters, numbers and symbols is recommended. Avoid using password generators since they can recycle old passwords that hackers might be aware of, and ensure no device has the default password it was set up with.
Keep users well informed
It is vital that users know if the data they are transferring or the call they are holding is confidential and, if it is, how to secure their hotspot. Teaching users to add applications onto their mobiles where possible is also useful, as it ensures call traffic is kept on your system rather than on the end user’s.
Monitor your system
A breach or attack needs a fast response in order to prevent further loss of data, so in order to react quickly, make sure your solution has tools and applications for monitoring your network and get these checks implemented for fast detection of an intrusion.
Cloud service providers tend to use hypervisor technology, which divides physical server space up into isolated virtual packets. Make sure you check your cloud service provider’s policy on ‘end-to-end encryption’ and learn whether your communications data is encrypted at all points from the data centre, in transit, or when being processed in the end user’s devices.
Beyond the standard firewall and security software
A standard firewall will not safeguard a modern, integrated UCaaS system, as it will leave holes in your network security. Consequently, many UCaaS solutions use Session Border Controllers (SBC) within the carrier network and provide on net connectivity between the Hosted Voice provider and the end user. This ensures call traffic does not go across the public internet at all, keeping the network more secure. Using good anti-malware features is also important so as to safeguard information and loss of productivity caused by spam or viruses.
Maintain an updated system
Hackers can enter systems through weaknesses or loopholes in equipment or applications that are out of date, and versions of apps that have not been updated commonly have bugs that can be exploited. To combat this, ensure software is as up-to-date as possible by paying close attention to usage alerts and redeploying licenses where necessary. As a safeguard in the event of a data breach, carry out regular backups of the entire system so that information is saved.
Securing UCaaS solutions appropriately allows businesses to take advantage of more efficient and safer working practises, something that it is dangerous to ignore.