ttacks against VoIP are on the rise and it is important that businesses know how to defend themselves, while also staying in compliance with regulators wanting proof that system security obeys the ever-changing regulations.
Many businesses still mexico telegram lack even basic encryption protection against problems such as VoIP denial of service, eavesdropping attacks and toll fraud, according to industry experts. This is an issue that needs to be tackled urgently because of the risk that this may render them non-compliant with the burgeoning regulatory framework, including HIPPA (Health Insurance Portability & Accountability Act), PCI (Payment card standards), and the Sarbanes Oxley Act which are revised so often they are something of a moving target.
This issue has come to the forefront in recent years due to events involving product safety recalls, financial fraud and, sadly, disasters in environmental health & safety. US regulators and bodies in other jurisdictions have stepped up the fight by tightening their legislative control. Generally speaking, these regulations seek to protect personal information that could lead to instances of identity theft, compromised bank accounts, corporate phone toll fraud or the fraudulent usage of credit cards.
While VoIP is seldom directly addressed in these revised regulations, the rules still apply to this technology in many cases. For example, PCI standards lay down the requirement for the use of security and cryptography such as SSL/TLS / IPSEC in order to safeguard cardholder data while it is transmitted over public, open networks.
This means that VoIP calls which go across the open internet and include credit card details must be encrypted. Even though this would not apply to VoIP calls carried out on internal networks, experts fear that businesses may be obliged to validate that these calls as being encrypted. Depending on the language used in the regulations, this could be construed to refer to VoIP.
As an example, HIPAA has said that businesses need to take steps to make electronically managed health information secure. This may not be immediately associated with VoIP calls but it could impact recorded calls or digital voice mail storage, both of which are a part of most VoIP systems. In the same way, if an interactive voice system is used in navigating to protected information, then its use must be both monitored and documented.