AS PART of National Fraud Week, Telstra issued a list of security steps businesses can take to reduce the risk of their phone systems being hacked.
Telstra Business has taken the step of sending warnings out to its one million customers, following an increase in cases where hackers have gained unauthorised access to business phone systems.
Telstra Corporate Security and Investigation director Darren Kane said Private Automated Branch Exchange (PABX) units and voicemail systems were the most common fraud targets.
"Customers have been shocked to suddenly find themselves liable for debts worth tens of thousands of dollars - this is on top of the hassle and disruption to business these attacks can cause," Mr Kane said.
"While most businesses are aware of the risk of cyber-security and have taken measures to protect their business, the potential for a security breach of telephone equipment is often not considered.
"Unfortunately there are scammers who use all sorts of means to steal other people's property including telephone access, so customers really need to be thinking smart about ensuring their security measures are up to date.
"As with most equipment, the phone systems people use relies on PINs and passwords, and if they are not up to date or regularly changed, it's like leaving the key in the door for a thief."
Telstra's top five essential security tips for business
- Conduct regular security audits of all voicemail, telephone and PABX systems. Cancel or disable features not required including old voice mailbox accounts.
- Regularly check both inbound and outbound call records, especially to unusual destinations, and calls made and received at unusual times. Don't wait for your Telstra bill to check calls and costs. Use Online Billing to check call records at any time.
- Make sure access to phone or PABX systems is strictly limited, controlled and secured. Prepare a contingency plan and be ready to put it into action when a security breach occurs.
- Treat phone PINs as seriously any other financial or computer access code. Ban employees from using easy-to-guess PIN numbers and make sure they are secure, not written anywhere, and changed regularly.
- Make sure computer security is up to date. Use firewall rules to block undesirable internet activity and close unused IP ports.