We are living in a world where almost a third of all businesses and home users in America are utilizing some form of VOIP technology. This may be to empower whole calling centers, or alternatively it may be on a smaller scale for inter-departmental communication.

2008 saw a record growth year in VOIP technology, and it also saw attacks against VoIP networks increase exponentially. As a result, many corporate networks whilst protected against internet-based attacks are still vulnerable against VOIP targeted breaches.

It is surprising to see the lackadaisical approach to security that many organizations are taking. In three years, analysts predict that VOIP will overtake traditional PSTN technology, and given the vulnerabilities of VOIP, organizations need to ensure that they have acted appropriately in order to mitigate the security risks.

What are the Security Risks of VOIP?
VOIP is an IP-based technology. Given the fact that data travels throughout the internet, this means that it is vulnerable to multiple points of interception unlike that of PSTN communications, which have remained relatively, secure in comparison.

IP Data is Vulnerable to Eavesdropping. Because many businesses are using VOIP equipment to conduct sensitive business transactions, they are becoming victims of direct man-in-the-middle attacks. Such attacks are preventable with good security policy.

VOIP Networks are Vulnerable to Direct Attack. Malicious attacks are increasing that are targeted specifically to VOIP networks. These attacks normally flood VOIP traffic to try to cripple the organizations infrastructure and effectively it allows attackers to gain unlawful access to information systems.

Given the main risks of VOIP technology, organizations have had to develop truly multi-layered security policies, which can safeguard voice and data systems at the same time. A typical multi-layered security policy does not aim to stop attackers entirely, but uses technologies such as VOIP encryption and file encryption to ensure that if networks are breached, then sensitive information will never be vulnerable.