The Customer understands that cyber attacks/toll fraud are prevalent in internet connected societies and even the best companies and policies are open to attack.Consultel uses internal standard security measures during the initial installation of the on premise equipment.However, the customer’s internal and external security policies play a much larger role in securing the customer’s premise equipment.Due to customer control and access of internal premise equipment, and management of external security policy the liability for loss of use and expenses incurred by cyber attacks/toll fraud will be the sole responsibility of the customer.If the customer suspects they have been a victim of fraud please notify your voice- and data-service providers and vendors immediately to help secure unauthorized access if possible.
◦Request that your service provider block long distance access, especially international calls, and provide a long-distance account code or set up credit card-only long-distance calling.
◦Since most users now can receive voicemail messages via their email, restricting dial-in voicemail access can help prevent unauthorized access to internal call routing. Be aware, hackers tend to attack voice mailboxes and systems at the start of weekends, holidays, or after hours.
◦Maintain a proper employee database.Delete users and voice mailboxes that are no longer active.
◦Add a session border controller (SBC) to your network to secure remote devices.
◦Ensure that premise equipment is secured in an environment to which only trusted authorized personnel have access.
◦Make sure your network firewall is secured and up-to-date.
◦Ensure that premise equipment has a proper maintenance and support contract in place.
◦Ensure that premise equipment has the latest software and security patches installed.
◦Utilize a “Strong” internal password policy.Strong passwords usually include at least 8 characters, both upper- and lower-case letters, numbers, and at least one special character.Strong passwords do not include character strings that form words or are familiar.For numerical passwords avoid digit strings that are repetitive, sequential, ascending or descending numbers or any part of the telephone number.
◦Ensure only trusted administrators know administrator passwords.Change company passwords quickly after staffing changes.
◦Disable external call forwarding unless absolutely required to help prevent toll fraud.