Unified communications (UC) is the perfect solution for a workforce that’s becoming increasingly digital and for employers who strive to make their operations more flexible, location-wise. UC incorporates voice and video calling, messaging, video conferencing, team collaboration, and file sharing, among other communication systems. UC describes how these different communication tools and systems connect or interact, ensuring that wherever you work, you can still access and use them in the performance of your tasks.
Why You Need a Unified Communications Security Plan
As the shift to remote work environments becomes more widespread, the number of companies that rely on unified communication systems also continue to grow. It is UC that keeps everything going smoothly despite the lack of physical proximity among employees.
It is imperative for a company’s CIO and IT professionals to design a security plan to ensure that all communication channels between the office and the employees are safe and protected at all times. Once a communication channel is compromised, business operations might be, too.
But how do you make sure these UC platforms are secure or are aligned with security best practices? What are the security considerations and solutions?
How to Develop a Unified Communications Security Plan
To develop a UC security plan, you first need to have a thorough understanding of the various threats and risks your UC systems are susceptible to. The next step is to mitigate and address these threats and risks, and proactively keep these systems safe and protected in the long term.
Identifying Common UC Security Threats and Issues
The most common security issues are:
- Denial of service. Also called DoS attacks, these denial of service attacks target VoIP (Voice Over Internet Protocol) systems, websites, or mobile apps. These attacks can come in various forms, such as message flooding, call flooding, disruptive signaling, or interrupting call protocols.
- Theft of service. This theft happens when hackers exploit a UC system to make illegal or scam phone calls. The most common form of theft of service is toll fraud, which is when the attacker makes costly unauthorized calls using a company’s phone system.
- Hacking tools. Hacking tools can be used from either inside or outside a corporate network to compromise a UC or VoIP system.
- Mobile threats. This is when end-user devices are not secure and can, therefore, open and expose the entire corporate network to threats and make it vulnerable. Mobile apps on public networks can leave user information and data at risk.
- Unauthorized access. This happens when UC apps are not secured with two-factor authentication.
Applying Encryption and Session Border Controller
One way to address these security issues is to apply encryption options in order to secure the voice traffic between the UC server and the remote employee’s device or phone. You can also deploy a dedicated voice communications firewall in the form of Session Border Controller. SBC is a specifically designed network device that secures remote voice traffic by applying influence and security over the VoIP traffic. SBC protects against VoIP threats as the firewall cannot process these, and also translates every part of the Session Initiation Protocol (SIP) message to ensure proper audio and call control.
Require User Identification and Authentication
The best approach to establishing a UC security plan for your UC system is to select security options that protect it without introducing too much friction into the user experience.
One way to start is by requiring user identification and passwords. It is good policy to require users to apply strong passwords for their accounts. And a strong password is one that includes both lowercase and uppercase alphabetical characters, at least one numerical component, and at least one special character.
Another tool you can use is a multifactor authentication tool. This is when you require users to not only provide a password to successfully log in, but to also retrieve an email or a text message that contains a one-time authentication code that they need to type in.
Extend Your Collaborative Environment with Caution
Extending your collaborative environment beyond employees of the company means allowing outside participants to log in to your UC environment. Outside participants are bring-your-own-device users. Doing this is the whole point of creating a remote workplace.
However, because outsiders bring their own device, it is difficult to control which devices they use. It would also be difficult to determine the kind and the level of protection these BYOD users have in place for their own devices. As such, your UC system should include the ability to deny access to these outside devices when certain internal security requirements are not met.
The real threat, however, is when outsiders are intentionally included in team discussions and group chats. These discussions may contain confidential information or file postings carrying sensitive material. And when outsiders are able to view, access, or download such data, there is no telling where they will leak the info to or how they will use it.
It is imperative that you set up a system where confidential information may only be shared among top-level employees. The level of information employees can access or are privy to should coincide with their clearance level. Moreover, when a particular project is done, message boards and threads pertaining to that project should be closed. Additionally, there should be a regular audit of UC groups and discussions to ensure nothing slips through the cracks.
Compliance and Privacy
Hand in hand with unified communication security is privacy and compliance. Just like any other business, you will need to have the compliance standards regulating personal and sensitive data protection covered. More specifically, you will need to be in compliance with the General Data Protection Regulation (GDPR) and the Health Insurance Portability and Accountability Act (HIPAA).
As CIOs, security experts, and third-party consultants, you should guide your company and help ensure that your UC systems are carefully addressing data privacy and security issues. You need to evaluate your UC system and help ensure that your services fit into the law’s definition of a safe environment for all stakeholders and employees. Also, figure out which rules and regulations to implement alongside your UC services in order to protect everyone from human error.
Another option is to look for a UC vendor that can provide next-level security and compliance services, which include session border controllers, end-to-end encryptions, firewalls, and reporting, among other protections.