PABX fraud reaps close to £30 billion for criminals and terrorists. An average incident can cost in the thousands. Holiday periods, such as Easter, can be a vulnerable time for many businesses, with reduced staff levels and less opportunity to spot the signs of fraud in time.
A senior manager should be aware of these safeguards and ensure staff follow them as relevant.
- Passwords and access codes should be changed regularly and, if possible, be alphanumeric and as long as the system allows. Avoid obvious PINs such as 0000 or 1234, and PINs that match the extension number.
- Delete or change passwords for ex-employees.
- Consider limiting call types by extension: if an extension user has no requirement to ring international or premium rate numbers, bar access to these call types.
- Secure the system physically: site it in a secure comms room and restrict access to that area.
- Regular reviews of calls should be carried out, covering analysis of billed calls by originating extension and identifying irregular usage and unexpected traffic.
- Ensure you fully understand your system’s functionality and capabilities and restrict access to those services which you do not use.
- Mailboxes – block access to unallocated mailboxes on the system and change the default PIN on unused mailboxes.
- Be vigilant for evidence of hacking – inability to get an outbound line is usually a good indicator of high volumes of traffic through your system. Check for calls outside business hours.
- Assess the security of all PBX peripherals/applications: platform, operating system, password and permissions scheme. Carefully evaluate the security of any onboard remote management utility (e.g. pcAnywhere) for possible holes.
- Check firewall logs weekly.
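
One way to automate the call review and out-of-hours check from the list above, as an added example that is not part of the original advice. It assumes a CSV call-record export with the column names shown, UK dialling prefixes (00 international, 09 premium rate) and 08:00 to 18:00 weekday business hours; the sample records are constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample call records (not real billing data). Column names are
# assumptions: map them to whatever your PBX or carrier bill actually exports.
SAMPLE_CDR = """start,extension,dialled,duration_s,cost_gbp
2024-03-28 10:15:00,201,01614960123,180,0.12
2024-03-29 02:40:00,205,0015555550100,3600,42.00
2024-03-30 23:05:00,205,09098790456,2400,96.00
2024-03-28 14:00:00,210,0015555550199,300,3.50
"""

BUSINESS_HOURS = (8, 18)  # assumption: 08:00-18:00, Monday to Friday
# Assumption: UK dialling plan (00 = international, 09 = premium rate).
RISKY_PREFIXES = {"00": "international", "09": "premium-rate"}


def review_calls(cdr_text, allowed=None):
    """Return (cost per originating extension, calls flagged with reasons).

    `allowed` maps an extension to the call types it genuinely needs, which
    mirrors the per-extension call barring recommended in the list.
    """
    allowed = allowed or {}
    totals = defaultdict(float)
    flagged = []
    for row in csv.DictReader(io.StringIO(cdr_text)):
        start = datetime.strptime(row["start"], "%Y-%m-%d %H:%M:%S")
        ext = row["extension"]
        totals[ext] += float(row["cost_gbp"])
        reasons = []
        # Weekend, or outside the configured working day.
        if start.weekday() >= 5 or not BUSINESS_HOURS[0] <= start.hour < BUSINESS_HOURS[1]:
            reasons.append("out-of-hours")
        # Call type the extension has no stated requirement for.
        for prefix, call_type in RISKY_PREFIXES.items():
            if row["dialled"].startswith(prefix) and call_type not in allowed.get(ext, set()):
                reasons.append(f"{call_type} not permitted")
        if reasons:
            flagged.append((ext, row["start"], row["dialled"], reasons))
    return dict(totals), flagged


if __name__ == "__main__":
    totals, flagged = review_calls(SAMPLE_CDR, allowed={"210": {"international"}})
    for ext, when, number, reasons in flagged:
        print(f"ext {ext} {when} -> {number}: {', '.join(reasons)}")
    print("cost by extension:", totals)
```

Running a review like this daily over a holiday period, rather than waiting for the monthly bill, shortens the window in which unexpected traffic goes unnoticed.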