By Tom Sime, Managing director, Exchange Communications
AS last month’s wave of cyber attacks, affecting dozens of companies including the world’s biggest advertiser, WPP have shown, fraud in general is a big issue in the UK.
The recently published Annual Fraud Indicator 2016 suggested that it costs the economy as much as £193billion each year.
However, while companies build an army of tech-savvy soldiers to guard the networks, and may I add rightly so, they’re failing to protect themselves against the very imminent threat of phone hacking. In fact, £38.6 billion was the figure given for Telecoms fraud in 2014.
What if I told you that as businesses prepare for a weekend by activating the “out of office” email, hackers get ready to access phone lines and drum up bills in the four, five and six figure regions?
At a basic level, telecoms fraud is caused by hackers using airtime without any intention of paying for it. Most of the time, this is outwith office hours. Call selling and premium rate service are common forms of dial through fraud, taking advantage of unprotected private branch exchange (PBX) systems, and costing your business hundreds, if not thousands of pounds.
Remote access has allowed a great deal of flexibility for modern telecoms systems – engineers can gain access off site, employees can log into voicemails and can reach extensions lines when out of office – but it has also left an unlocked door for telecoms thieves.
Hackers are able to spy companies’ weaknesses and crack passwords, allowing them to creep in and steal what is rightfully yours. Once through, they can invite others along to the party to sell to the highest bidder, carrying out call selling fraud and racking up huge bills. They can also make hours worth of calls to their own premium rate numbers, increasing their revenue.
You might think this would never happen to me. My business is too large with fortress walls that cannot be penetrated, or we’re so small that no one would bother. However, companies of all shape and sizes are affected. One small firm was shocked by a £50,000 bill for long distance calls routed through its phone line after returning from a three-day weekend, with big guys like BT, Wavecrest and the Exclusive Group also hit in 2015 with millions of pounds of unpaid Voice over Internet Protocol (Voip) credits.
Such hacking will not only rack up large debts, but will tell your customers that your company simply cannot protect vital information – hence customers will not trust you with their data. So what can be done to stop this?
Updating your passwords may seem like an obvious procedure, but doing this regularly can go a long way in protecting your systems, especially on the occasion of staff leaving the business.
Make sure you know who is using systems and what for, restrict access to prevent international or premium calls, and constantly review bills to ensure nothing out of the ordinary takes place.
Turn off Direct Inward System Access (DISA) and any other feature that allows for auto-creation of new extensions. However, if this is necessary to your business closely monitor it on a regular basis.
You can also book a thorough audit of your telecoms system and identify any areas of weakness. Put in place solutions that are strong, resistant and safe, and make sure hackers don’t stand a chance in tarnishing the name of the company.
This may all seem drastic and over-dramatic, but you would never leave the doors of your home unlocked when you go on holiday, so why would you forget to lock the “doors” of the office?
Why are you making commenting on The Herald only available to subscribers?
It should have been a safe space for informed debate, somewhere for readers to discuss issues around the biggest stories of the day, but all too often the below the line comments on most websites have become bogged down by off-topic discussions and abuse.
heraldscotland.com is tackling this problem by allowing only subscribers to comment.
We are doing this to improve the experience for our loyal readers and we believe it will reduce the ability of trolls and troublemakers, who occasionally find their way onto our site, to abuse our journalists and readers. We also hope it will help the comments section fulfil its promise as a part of Scotland's conversation with itself.
We are lucky at The Herald. We are read by an informed, educated readership who can add their knowledge and insights to our stories.
That is invaluable.
We are making the subscriber-only change to support our valued readers, who tell us they don't want the site cluttered up with irrelevant comments, untruths and abuse.
In the past, the journalist’s job was to collect and distribute information to the audience. Technology means that readers can shape a discussion. We look forward to hearing from you on heraldscotland.com
Comments & Moderation
Readers’ comments: You are personally liable for the content of any comments you upload to this website, so please act responsibly. We do not pre-moderate or monitor readers’ comments appearing on our websites, but we do post-moderate in response to complaints we receive or otherwise when a potential problem comes to our attention. You can make a complaint by using the ‘report this post’ link . We may then apply our discretion under the user terms to amend or delete comments.
Post moderation is undertaken full-time 9am-6pm on weekdays, and on a part-time basis outwith those hours.
Read the rules here