Many businesses looking to upgrade their telephony systems are now looking to SIP trunking to cut costs and provide further functionality. SIP trunking uses IP to connect to the public telephony exchange and allows users to have a fully-functional business system installed at a fraction of the cost of a traditional system.
The cost benefits are the most popular aspect of SIP trunking, as it requires little in the way of capital expenditure and ongoing maintenance. However, a recent study found that 23% of people ranked security as their highest priority, whilst 22% rated quality of service and support as their most important feature with regards to SIP.
Some businesses are concerned about the possibility of toll fraud when using VoIP services. There are a few different types of VoIP fraud, and if your business falls victim, it can prove very costly. The majority of SIP suppliers will have robust security in place, but you should of course check before signing the SLA.
Look for two types of security feature
- Secure real-time transport protocol (SRTP)
- Transport layer security (TLS)
Conversations and even SIP messages can be encrypted and ensuring that your conversations are protected is vital to every business, especially those that have to comply with regulations such as PCI DSS
. The above features help to keep information secure and help to prevent DDoS (Distributed Denial of Service) attacks.
To prevent fraud, it’s necessary to ensure adequate security at network level (of the business) and to consider security during deployment. With this in mind, before systems are put in place, the IT department should carry out a full security audit and penetration test.
The network should be secured using a layered approach, or you should consider invested in managed security.
Consider how the following can be implemented and maintained on a regular basis:
- Patch management – software needs to be regularly updated in order to ensure that it’s free from any vulnerabilities that can be exploited by attackers. This is often neglected on the business network and yet is a vital aspect of security.
- Antivirus solutions – business grade antivirus and malware software is necessary to pick up any malware coming into the business through phishing attacks, malicious websites and more.
- Firewall – this will usually be implemented on the network via the routers.
- Staff training – any IT security expert will tell you that breaches are almost always due to user error. With this in mind, create policies and procedures in order to inform staff about how to protect the business. Training should also be put into place to further improve on security.
Further to this, monitoring systems should be put in place to ensure that should any unusual activity be detected (such as calls to/from an unapproved country and calls made outside of working hours), it can be dealt with quickly and the related costs minimized.
It’s worth noting that VoIP fraud is often caused by a lack of good security within the business itself and not at supplier end.
As SIP is an internet-based product, it’s important that your supplier offers a robust service that’s always (or as close as possible) available. Support too should be fast and effective, allowing IT to discuss any problems with the vendor’s support representatives immediately. Downtime is costly
to every business and can quickly and easily run into the 1000s, cost-wise.
With this in mind, you should check the SLA through thoroughly before signing up. Make sure that a guaranteed uptime is given as well as a timescale for responding to emergencies. You should also check that the vendor has a disaster recovery plan in place to cover all eventualities. SIP trunking is more reliable than standard, traditional telephony, but you should study the SLA carefully to make sure that you’re covered. Check too the length of time that you’re tied into a contract.
For a full explanation of what you should look for in an SLA, take a look at Secrets of the SIP Trunking SLA.
The benefits of SIP trunking are numerous, so you shouldn’t be deterred by security concerns or the intricacies of the SLA. When choosing vendors, ensure that you know exactly what you’re signing up for, and that security is in place.
Then it’s just a case of sitting back and enjoying the improvements in revenue that SIP allows your business.