3 tips to defend your UC system against cyber threats

Organizations must improve their UC security measures.

Malicious third parties will leverage any means necessary to breach your network and steal sensitive data from your business. Unified communications systems are essential assets to daily operations. They house a significant amount of information while simultaneously having access to critical applications and solutions, making them a lucrative target.

To prevent compliance fines and recovery consequences, organizations must ensure that safeguards are in place to protect their UC tool. Let's take a look at three tips to defend your UC system against cyber threats:

1. Understand the risks

Attack methods are becoming more sophisticated to take advantage of technology gaps and employee error. It's important for organizations to stay updated on the biggest threats and what they look like. For example, vishing uses spoofed caller ID to suggest a call is being made in an official capacity to convince a recipient to reveal confidential information, Nemertes Research analyst John Burke wrote for TechTarget. Denial-of-service attacks that disrupt the communications infrastructure and platform compromises are other approaches that could threaten UC security and data protection.

Vishing spoofs caller ID information to get the recipient to reveal sensitive information.Vishing spoofs caller ID information to get the recipient to reveal sensitive information.

Educating employees on these common tactics can help deter breaches. Understanding what to look for with vishing, for instance, will prevent staff members from falling into this trap. Organizations must establish processes for sharing and requesting critical information, allowing workers to spot illegitimate calls.

2. Integrate and implement security features

UC solutions typically have a number of security capabilities, but if an organization doesn't configure or use them correctly, they won't effectively protect your systems. Network World contributor Dave Martin noted that UC security features must coexist with current data networking and security equipment. This means introducing application-aware safeguards for voice and video traffic in a way that works with existing devices. Successful integration will support a wider range of protocols and interface standards.

When choosing a UC system, businesses must also ensure that threats unique to communications traffic are addressed. Eavesdropping on voice channels, toll fraud and bring-your-own-device challenges must be addressed with UC- and VoIP-aware security controls. Encryption should be a standard, alongside unauthorized access recognition and reporting features. These functions will be essential to identifying, blocking and tracking down the cause of suspicious behaviors. 

"External communications are obviously the most critical but some organizations also require encryption of internal communications or communications in and out of critical departments," Martin wrote. "Any attempts of unauthorized access should be automatically detected, blocked and logged with enough forensic evidence to help track down the offenders."

"Businesses must integrate mobile devices and their management into the UC system."

3. Manage mobile devices

Over the past few years, bring-your-own-device policies have become more popular in an attempt to meet staff communication preferences and improve overall productivity. However, connecting this hardware to a UC service can introduce significant vulnerabilities, particularly if an employee isn't using IT-approved applications. Unauthorized programs might have access capabilities that workers don't realize, leading to compromised UC traffic and business information.

To solve this issue, businesses must integrate mobile devices and their management into the UC system. TechTarget contributor Tom Nolle suggested creating a mobile device matrix the UC tool can support and uniting the BYOD policy with these capabilities. This integration will forge a more effective management strategy to protect UC data and better handle mobile device requirements.

"Companies need to be able to ask BYOD users to add components to their devices so they conform to company communications standards, just as they expect them to meet security and compliance requirements," Nolle wrote. "In turn, employees have to be prepared to make some choices if the right components aren't available."

Cyber threats are evolving to take advantage of any hole in your protection. UC solutions have access to a variety of critical data and systems, making it an attractive target for advancing breach methods. By understanding the risks, enabling better mobile management and integrating security features, organizations will improve their UC protection and prevent data from being compromised.