Posted on June 21, 2018 by Dan Quick
For our Partner Blog Series we like to highlight the relationships we have with our peers and business partners from across all areas of the telecommunications industry. We know that when it comes to relationships, the whole really is greater than the sum of the parts. That’s why we want to share with you the wisdom, experience, and perspective of the companies we work with.
For this edition of the VirtualPBX Partner Blog Series, we tap into the decades of network security experience of Sorell Slaymaker from Unified IT Systems. Sorell is an expert in the areas of risk assessment, network configuration, and general data security best practices in the cloud communications space. He has written extensively on these topics and today contributes the following guidelines for securing unified communications.
Best Practices In Securing Unified Communications
Unified Communications (UC) applications can be the hardest to secure within an enterprise. UC clients, APIs, and services need a full security suite to ensure an enterprise stays secure. Too many enterprises attempt to apply standard application security measures to UC applications, which limits what users can do and still leaves enterprises exposed to the complex UC security challenges. Security managers and architects understand standard web applications, but not all the nuances of UC, and UC managers and architects lack a sophisticated understanding of security.
Framing the Challenges of UC Security
One example is when Cisco’s Webex reported a critical security vulnerability that needed an immediate patch. An authenticated, remote attacker could execute arbitrary code on a targeted system due to insufficient input validation by the Cisco WebEx clients. The risks to a company if their UC system(s) is not secure include:
- Loss of Data – UC is more than voice and video; there is a lot of data associated with Web conferencing and file sharing.
- Back Doors – Bad actors can bypass standard security controls to gain access to private networks.
- User Tracking – Using metadata about the communication to track who is talking to whom, when, and where, even if the media is encrypted.
- Blackmail – Recording private conversations and threatening to make the information public.
Increasingly Common Risks
UC combines telephony, video, chat, email, and presence together into one unified communications system. As the technology has become more complex and more accessible from the public internet, the security threat has increased. In many ways, it’s easier than ever to attack business communications. Companies must be diligent to protect their communications as they are vital to business operations.
Companies formerly relied on their internal network being secure and required external users to use a VPN solution to get in. This strategy may no longer work for all businesses because:
- No network is secure – It has been proven that the top vector for attacks comes from inside the enterprise network.
- BYOD – (Bring Your Own Device) UC is used from personally owned devices belonging to employees, contractors, and partners who do not have VPN or MDM client software protections.
- Speed – Users want to immediately start communicating versus having to wait for a VPN tunnel to be established.
- Public UCaaS – Hosting UC externally at a 3rd party using internet network connectivity is common, especially with the rise of freemium solutions.
- WebRTC – Supporting standardized clientless UC anywhere and everywhere.
Overcoming Common Challenges
While large businesses can often dedicate substantial resources toward securing their communications, SMBs need simple and cost-effective solutions. Failure to secure UC can lead to information and data theft. UC is hard to secure for the following reasons:
- Peer-to-peer – WebRTC and proprietary UC stacks allow one device to talk directly to another without going through a centralized service and security stack. All other applications are client/server based, where a security stack can reside at the server.
- Bi-Directional – Sessions can be established in both directions due to the call/calling nature of UC, versus a web application where a user establishes the session request. A home router, for instance, has a simple firewall rule stating that all TCP & UDP sessions must be initiated from within the home network, which is why, to get a Skype call, the home user must first be logged into Skype.
- UDP Transport – Unlike TCP, which has sequence numbers and specific ports for different types of applications, UDP has neither. Different vendors open up a range of UDP ports and UC sessions cycle through the range of ports. The range of ports must be bigger than the peak number of concurrent UC users.
- Multiple services – Voice, video, chat, data – UC uses a range of services, each with their own TCP/UDP port. With conferencing, there can be hundreds of users interacting both inside and external to the organization.
- Jitter Sensitivity – Jitter is the variation in latency, and jitter above 20ms will result in the effective loss of real-time voice/video traffic. With video conferencing, there can be instantaneous spikes in network traffic that are 100x the norm. Firewalls and other security appliances have trouble processing a lot of UC traffic without causing jitter. This is the primary reason why UC was the last major application to use virtualized infrastructure at scale.
- Remote control – Co-browsing and taking remote control of an end-device are some of the enhanced features of UC suites. Many vendors use this to circumvent VPN and other types of supported enterprise remote access.
- APIs – The digital world is about getting and sharing data through APIs. Set up a secure, encrypted session and information goes in and out of an organization. The challenge is that some of this data can be private, confidential, and/or regulated data that require enterprise governance and compliance.
- Too Many Proprietary Appliances – Legacy PBX, voice mail, conferencing systems use proprietary hardware with non-common operating systems. These appliances are subject to known security vulnerabilities.
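To check a path against the 20 ms jitter figure above, jitter can be computed the way RTP receivers report it. The Python below is an added example, not from the original article: it applies the RFC 3550 interarrival jitter estimator to two constructed delay traces, a direct path and a hypothetical inspecting appliance that stalls traffic. The 20 ms packet interval and all delay values are assumptions.

```python
"""RFC 3550 interarrival jitter for an RTP stream, checked against the 20 ms
limit quoted in the article. All sample delays below are constructed."""
from dataclasses import dataclass

JITTER_LIMIT_MS = 20.0   # threshold stated in the article
PACKET_INTERVAL_MS = 20  # assumed packetization interval (common for voice)


@dataclass
class Packet:
    sent_ms: float     # sender timestamp, converted to milliseconds
    arrived_ms: float  # receiver clock at arrival, in milliseconds


def make_stream(one_way_delays_ms):
    """Build packets sent every PACKET_INTERVAL_MS with the given path delays."""
    return [
        Packet(sent_ms=i * PACKET_INTERVAL_MS,
               arrived_ms=i * PACKET_INTERVAL_MS + delay)
        for i, delay in enumerate(one_way_delays_ms)
    ]


def interarrival_jitter(packets):
    """Return the running jitter estimate (ms) after each packet.

    RFC 3550, section 6.4.1: D is the change in transit time between two
    consecutive packets, and J moves 1/16 of the way towards |D| each time.
    """
    jitter, history, prev = 0.0, [], None
    for pkt in packets:
        if prev is not None:
            d = (pkt.arrived_ms - prev.arrived_ms) - (pkt.sent_ms - prev.sent_ms)
            jitter += (abs(d) - jitter) / 16.0
        history.append(jitter)
        prev = pkt
    return history


def first_breach(history, limit_ms=JITTER_LIMIT_MS):
    """Index of the first packet at which jitter exceeds the limit, or None."""
    for index, value in enumerate(history):
        if value > limit_ms:
            return index
    return None


# Constructed path 1: direct path, transit time wobbles by about 1 ms.
DIRECT_DELAYS_MS = [30, 31, 30, 29, 30, 31, 30, 30]

# Constructed path 2: an inspecting appliance holds traffic for 200 ms, then
# releases the backlog in a burst (delay drains 20 ms per packet), twice.
STALLED_DELAYS_MS = [30] + [230 - 20 * k for k in range(11)] * 2

if __name__ == "__main__":
    for name, delays in (("direct", DIRECT_DELAYS_MS), ("stalled", STALLED_DELAYS_MS)):
        history = interarrival_jitter(make_stream(delays))
        print(f"{name}: peak jitter {max(history):.2f} ms, "
              f"first breach at packet {first_breach(history)}")
```

In the stalled trace the estimate stays under the limit after the first hold and crosses it on the second, which is why a single short test call can miss an appliance that only stalls periodically.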
Finding the Solutions for Every System
While this list can be overwhelming, there are best practices to follow for securing UC. These include:
- Encrypt Everything – It is no longer good enough to just encrypt data at rest; data and communication in motion must be encrypted because users and applications can be anywhere and everywhere. Use 256-bit encryption on sensitive data and communications. For instance, using 128-bit encryption still allows someone to understand if it is a male or female talking, what language, how long the conversation is and the interaction amount between users.
- Adopt Zero Trust Architecture – Zero Trust means that nothing on the network, resource, or application is trusted. Apply a deny-all policy with a whitelist that is integrated with the identity and access management systems. Use anomaly detection to alert when something abnormal is occurring.
- Ensure Identity – Great security starts with great identity and access management. Multi-factor authentication, least privilege access, and good logs to account for who accessed what are industry best practices that are not always applied to UC. Password management for voice mail and other services should be multi-factor and require 2-factor tokens for system administrators. The password reset process should also be rigorous.
All proxy services need to be examined as well. Web and email proxies are common, and SBCs act, as one of their functions, as a voice proxy; be sure to add chat/presence and video proxies too. Unfortunately, these proxies are proprietary. A few examples: Microsoft has its Edge & Reverse proxies, and Cisco uses Expressway. These proxies provide the following features:
- Packet Inspection – Decrypt each session, inspect the signaling packets, and scan each packet and stream.
- Secure Firewall Traversal – Set up specific TCP ports to go through a firewall and handle the NAT required at both layer 3 and layer 5.
- Log & Alarm – Gather a log of all sessions and generate real-time alerts when there are anomalies such as a spike in traffic, malware detection, multiple failed session attempts, etc.
- DLP – When required, record the session; this is important for screen share logging.
For WebRTC, use a WebRTC Gateway with ICE, STUN, and TURN services as appropriate. To add to this list, with the use of Communication Platform as a Service (CPaaS), all APIs should also have a proxy so an enterprise can enforce governance and compliance of all data going in and out of the organization.
- Securing the UC appliances – Scanning on a regular basis and applying vendor security patches immediately, plus turning off unused services. While this may seem obvious, many enterprises fail to do this as their UC infrastructure does not always reside in the security managed part of the data center.
- Log & event monitoring – Every large enterprise has a Security Information and Event Management (SIEM) system. The UC systems should tie into this.
- Audit – While all large enterprises and government agencies get 3rd party audits of their critical or sensitive transactions, this is rarely done for interactions. Getting a 3rd party to audit UC security and interactions is an emerging best practice.
- Training – No matter how secure your systems are, users can be lazy and not take security seriously. If they or the people they are talking to are on an unsecured session, confidential, private, or regulated information should not be shared.
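The "Log & Alarm" proxy feature and the "Log & event monitoring" practice above both come down to parsing session records and alerting on anomalies. The Python below is an added example, not from the original article or any vendor: it flags repeated failed session attempts from one source and a per-minute traffic spike. The key=value log format, the thresholds, and the addresses (documentation ranges) are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical key=value session log format; a real SBC or UC proxy has its
# own schema and needs its own parser.
LINE_RE = re.compile(
    r"(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) "
    r"event=(?P<event>\S+) status=(?P<status>\d{3})"
)


def build_sample():
    """Constructed log: steady background sessions plus one burst of failures."""
    lines = []
    for minute in range(5):  # two successful sessions every minute
        for sec, user in ((5, "alice"), (35, "bob")):
            lines.append(f"2018-06-21T10:{minute:02d}:{sec:02d} src=198.51.100.10 "
                         f"user={user} event=INVITE status=200")
    for i in range(8):  # eight rejected registrations, two seconds apart
        lines.append(f"2018-06-21T10:04:{10 + 2 * i:02d} src=203.0.113.50 "
                     f"user=admin event=REGISTER status=401")
    return "\n".join(sorted(lines))  # timestamp-first lines sort chronologically


def parse(log_text):
    """Turn matching lines into dicts; lines that do not match are skipped."""
    records = []
    for line in log_text.splitlines():
        match = LINE_RE.fullmatch(line.strip())
        if match:
            rec = match.groupdict()
            rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%S")
            rec["status"] = int(rec["status"])
            records.append(rec)
    return records


def failed_attempt_alerts(records, threshold=5, window=timedelta(seconds=60)):
    """One alert per source once `threshold` 401/403 results fall in `window`."""
    recent, alerted, alerts = defaultdict(deque), set(), []
    for rec in records:
        if rec["status"] not in (401, 403):
            continue
        stamps = recent[rec["src"]]
        stamps.append(rec["ts"])
        while rec["ts"] - stamps[0] > window:  # drop failures outside the window
            stamps.popleft()
        if len(stamps) >= threshold and rec["src"] not in alerted:
            alerted.add(rec["src"])
            alerts.append((rec["src"], rec["ts"], len(stamps)))
    return alerts


def traffic_spike_alerts(records, factor=3.0, min_baseline_minutes=3):
    """Alert on any minute whose session count exceeds factor x the mean of
    the earlier, non-alerting minutes."""
    per_minute = defaultdict(int)
    for rec in records:
        per_minute[rec["ts"].replace(second=0)] += 1
    baseline_counts, alerts = [], []
    for minute in sorted(per_minute):
        count = per_minute[minute]
        if len(baseline_counts) >= min_baseline_minutes:
            baseline = sum(baseline_counts) / len(baseline_counts)
            if count > factor * baseline:
                alerts.append((minute, count, baseline))
                continue  # keep the spike out of the baseline
        baseline_counts.append(count)
    return alerts


if __name__ == "__main__":
    records = parse(build_sample())
    for src, when, count in failed_attempt_alerts(records):
        print(f"ALERT failed-attempts src={src} at={when} count={count}")
    for minute, count, baseline in traffic_spike_alerts(records):
        print(f"ALERT traffic-spike minute={minute} count={count} baseline={baseline:.1f}")
```

In a deployment the alert tuples would be forwarded to the SIEM rather than printed, so UC events can be correlated with the rest of the enterprise's security logs.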
Hackers are becoming like spies and getting more sophisticated and targeting employees, contractors, and partners to help them infiltrate an organization. Everything in an organization needs to be locked down tightly, including UC applications. And for IT security professionals, a security breach into systems that you are responsible for will more than likely result in you updating your resume.
So what do you think? Does your enterprise already conduct all of these steps to protect itself from bad actors and security breaches? Do you think there are other critical steps that we didn’t cover here? Let us know by joining the conversation on Facebook or Twitter, and we’ll make sure to include it in future editions of the VirtualPBX Partner Blog Series!
Posted on June 19, 2018 by Dan Quick
An automated phone tree is a menu-based telephone system that routes callers to individuals, departments, or even to recorded messages or additional menus. This inbound call direction tool is essential for businesses with high call traffic or large departmental organization. The phone tree got its name in part because there is a multitude of options for a caller to be directed towards even though they all come in from the same telephone number. This “many from one” design resembles the branches of a tree and the trunk is the single pathway that all inbound call traffic originates from. Traditionally, the phone tree was something that didn’t exist as an automated system at all. Live receptionists had to be staffed by the dozen to accommodate the complex call routing needs of some organizations and that persisted well into the late 20th century until the advent of new, digital telephone technology like an Auto Attendant.
Putting the Auto into Automated Phone Tree
An Auto Attendant is a popular feature on some feature-rich hosted VoIP plans that has taken most of the point-of-contact requirements out of the hands of humans. However, more than just fielding calls, an automated phone tree’s core function is to direct them to the appropriate party or parties, as well. This is accomplished by combining the infinitely scalable capacity thresholds of an Auto Attendant with a few advanced telephony tools, as well. Specifically, these tools are designed to handle the complex routing requirements of modern organizations without the costs associated with older, traditional phone systems.
- ACD Queues – ACD (Automatic Call Distribution) Queues are highly customizable call routing systems that can designate more than just the group or party an inbound call should be directed to. Additionally, ACD Queues can also throttle the pace of distribution, designate the sequence of agents who will answer calls, plus any one of several skills-based and overflow oriented call routing logics.
- Hunt Groups – Hunt Groups are similar in function to ACD Queues and also help to complement the function of an automated phone tree, but are less sophisticated in their adjustability. Also, whereas ACD Queues can be added to a Dash Business VoIP Plan for a fee, Hunt Groups are included with every available Dash Plan, including basic.
Getting Started With an Automated Phone Tree
Even though the combination of an Auto Attendant and either ACD Queues or Hunt Groups makes for a formidable inbound call strategy, using them does not preclude an organization from having a live receptionist. In fact, the opportunities to use these technologies to enhance and improve the impact that having a live receptionist has on an organization are greater than using them on their own. Plus, getting started is easy considering that all VirtualPBX VoIP Plans come with a 30-day money back guarantee. So what are you waiting for? Get automated phone trees for your office and see how they can help your business, today!
Posted on June 15, 2018 by Dan Quick
We recently launched the all-new and totally free to acquire VirtualPBX Web Phone for all of our Dash Service Plan account holders to use. This was a big deal for our customers and us because it was the first time that open-source WebRTC (Web-Based Real-Time Communications) software was used to create such a powerful telecommunications device that was being made freely available to the hosted PBX community. We’re rather proud of the Web Phone for both its formidable performance and durable reliability as much as we are for the fact that we’re literally giving it away to anyone who wants to use it. Since its debut earlier this year, however, we’ve been getting lots of questions about how it was made, how we can offer it for free, and general questions about what features users would be losing out on by using it. The short answer to that is that anyone on a VirtualPBX VoIP plan will get 100% parity on the feature set on the VirtualPBX Web Phone as they would on even the highest quality VoIP Desk Phone. We understand the skepticism, though, honestly. We have so many people who make the switch to VirtualPBX from other services that promise a lot and deliver a little that it’s entirely understandable why some people may be wary to accept something that is promised to be so impressive, much less that it’s being offered for free. To address some of the apprehension, we’ve tapped one of our engineering rockstars to explain WebRTC and Open-Source Software but still we’ve decided to make it even more approachable with a new analogy. And it’s one that I think is close to almost everyone’s heart; cake.
Open Source Software As a Cookbook
First of all, who doesn’t love cakes, right? There’s a reason cake is ubiquitous at birthday celebrations and that’s because, while we may have disagreements about the flavors or icing, it’s pretty tough to go wrong with a fat slice of cake. And how is our new Web Phone like a birthday cake? Well, just like the spongy goodness of a cake, the VirtualPBX Web Phone shares a variety of similarities.
- Our new web phone is comprised of a balanced apportionment of carefully selected ingredients. Too much tech and not enough UX design can leave a similarly bad taste to a cake baked with too much rising agent that may have a lot of volume to it, but the aftertaste is something that people may not care for.
- Choosing the right platforms to be compatible with (i.e., being immediately optimized for all modern web browsers) is also a lot like picking the style of cake layers. A multi-tiered and festooned piece of bakery may look good, but is it something that works for everyone? Not likely. From a reliability standpoint, a simple sheet cake is what you’d need to make sure that anyone, anywhere would be able to “sink their teeth into” a new web phone.
- And, of course, one of the most obvious of similarities between cakes and the VirtualPBX Web Phone is that they each can be universally popular assuming the recipe is followed to a tee. This is great for our users because we host and manage all of the necessary technology behind the web phone in the cloud which means that they can rest assured that the recipe is right 100% of the time. Because you know the secret to making perfect Tollhouse Chocolate Chip cookies, don’t you? It’s following the recipe perfectly.
Use Our Open Source Software as Much as You Want
Here’s another similarity between great cooking and great open source software; when people make something incredible, they want to share it with everyone else. Just like you can find recipes from amateur and professional chefs being freely given away across the web, we’re also happy to provide our web phone totally free of charge. That means that you can have as many of these as you want on as many devices and for all of your employees and the cost will always be zero dollars and no cents. The VirtualPBX Web Phone operates reliably on any modern web browser on any web-enabled device, phone, tablet, or computer. The only thing you pay for is the use of your Dash Service Plan, and your pooled minutes are drawn from each user in the exact same way they always had been. Now, the only thing that changes is you get the industry’s best and, ahem, freshest web phone technology for all of your employees totally free. No more buying and provisioning VoIP phones, no more paying licensing fees for softphone applications, and way more budget left over for, if we have anything to say about it, cake. You can’t always eat as much cake as you’d like, but with the VirtualPBX Web Phone and a Dash Service Plan you can at least have your cake and eat it, too!
Posted on June 12, 2018 by Dan Quick
A phone receptionist is oftentimes the first and most commonly encountered employee at a company. Being the point person on the front lines of a business’ telephone traffic definitely puts an individual in contact with a lot of the public, but how a phone receptionist works has changed with the proliferation of modern telecommunications technology. While the tools he or she uses to accomplish the task of answering, transferring, and forwarding calls may have changed, however, the essential value of a phone receptionist has remained just as high.
The Original Phone Receptionist
As we can all imagine with the images of bays and bays of operators working a switchboard in the office buildings of yesteryear, the function of a live receptionist has always been, well, lively. This has always been the lot of the phone receptionist, irrespective of the industry or size of the organization he or she worked for. That’s because regardless of the amount of traffic that comes across the desk, or phone line, of a phone receptionist, the importance of it all does not waver. Being a triage nurse of sorts, a phone receptionist has historically played a role in which determinations need to be made about a host of topics. Everything from locating the correct parties to receive inbound calls, assessing callers’ needs and escalating as necessary, to even gatekeeping access to members of a leadership team all are responsibilities that fall at the feet of a phone receptionist. This has largely remained unchanged throughout the years, though advances in telephone system technology have shaped how all of these tasks get completed.
The Super Charged Phone Receptionist
Today, with the benefits of faster, leaner, and simpler voice communications technology like VoIP, a phone receptionist can effectively be at more than one place at the same time. This is accomplished across several fronts, many of which stem from the multi-faceted benefits of an Auto Attendant, the virtual receptionist that comes with the award-winning Dash Business VoIP Plans. VoIP (Voice Over Internet Protocol) is an advantage to any phone receptionist because it allows him or her to “park” calls to be handled by a team of potential recipients rather than simply taking a message. Also, by nature of being hosted in the cloud and not tethered to physical wires, a hosted phone plan allows phone receptionists to move from location to location, permitting them to get more done than when they had to be stationed at a desk to field a call. This mobility can be accomplished in a variety of ways: intra-office moves can be executed from desk to desk with a Hot Desk, or receptionists can work anywhere they are covered by Mobile for Business, the industry’s only 4G LTE nationwide network exclusively for Dash VoIP users. This doesn’t even begin to scratch the surface of what all an Auto Attendant or a virtual receptionist can do to enhance the work of a phone receptionist. Suffice to say, however, anything that can help one of a company’s most important employees be better and more efficient at their job is something that should be investigated by any organization. Auto Attendants powered by Dash VoIP Plans are and do exactly that.
Posted on June 7, 2018 by Dan Quick
A live receptionist is often the first line of contact for a business with its customers, and needs to possess a wide range of institutional knowledge to field calls, answer questions, and direct topics to their best possible outcome. The importance of having the right person in this role underscores the commonly held notion that a business’s greatest assets are the people who work there. Certainly, we’ve had a lot of fun investing in our human capital, ourselves, because we also attribute our growth and success to the hard work and irreplaceable personalities that make VirtualPBX who we are. Combine that idea with the old adage that you never get a second chance to make a first impression, and you’ve got a situation whereby the front-line employees are staggeringly important to the success of an organization. Many of our customers are small, scrappy, and resourceful entrepreneurs who handle every aspect, from the front of the house to the back, on their own. But other companies with a few more employees make one of their first hires an administrator who can handle the logistics of an office. This person ends up with plenty of responsibilities, and more often than not those include acting as the live receptionist for all inbound calls. There is really no replacement for the personality that some of my favorite administrators have and how that, in turn, elevates the brand they represent.
That’s why many organizations also have anxiety over bringing in an advanced business telephone service like feature-rich hosted VoIP for fear of them losing the need for a live receptionist altogether. Even though some businesses enjoy employing an Auto Attendant in lieu of a live receptionist, that never has to be the case. Over the course of this post we’ll illustrate how a live receptionist and an Auto Attendant are not mutually exclusive and can, in fact, complement each other quite nicely. There are several compositions this can take, too, each of which provides specific support for live receptionists only, exclusive use of Auto Attendants, and any number of hybridizations of the two.
Having A VoIP Plan With a Live Receptionist
We aren’t going to deny that one of the most consistently popular features on any of our VirtualPBX cloud phone systems is the Auto Attendant. An Auto Attendant can route calls, forward to groups or individuals, be programmed to adapt to time changes and holiday schedules, and even field questions or direct to voicemail. With all of that ability packed into a free Auto Attendant, it’s easy to see why companies without the capital to hire new administrators find it to be such a helpful feature. That said, there is no need to use this feature to replace a live receptionist. When properly executed, an Auto Attendant can actually serve as an assistant and enhancement to the operations of any live receptionist. Here are a few of the ways a live receptionist can benefit from an Auto Attendant:
- Added Coverage – Being able to field multiple lines of call traffic is one of the most important duties of a live receptionist, but it may also prematurely interrupt the conversation he or she is currently on. With an Auto Attendant, you can arrange to have those alternate calls be answered by the phone system if the main line is busy.
- Specific Design for Live Receptionists – Fielding calls within an organization is much easier when live receptionists can use Advanced Transfers to ensure swift and accurate call transfers. Plus, for critical conversations that need to be put on hold, calls can be parked, and this and a host of other useful features can be accessed right from a handset with Feature Codes, too.
- Pinch Hitter – Being able to call in a back-up to bat for a team member is a great advantage in baseball, and the same can be said for a live receptionist, too. Fielding phone calls is easier when you don’t have to be stationary at a desk, so if a cordless VoIP office phone isn’t available, knowing that an Auto Attendant will answer calls in your absence is a huge relief when you need a moment of, well, relief.
- Professional Representation – As we’ve mentioned, the best live receptionist can do more than just act as an operator; he or she can also be the company’s best brand ambassador, too. Fortunately, a virtual receptionist can do the same thing. By being able to customize everything from on-hold music to automatic and professionally recorded messages that dynamically change for holidays or promotions, a live receptionist never has to worry that a virtual replacement isn’t pulling their weight.
- Infinitely Expandable – The only real threshold that even the most capable and competent employee encounters is that of scalability. Because an Auto Attendant never needs to take a lunch break and can handle multiple concurrent calls without any attrition to the quality and polish of each one, there’s no need to worry about overloading the system. Plus, because all VoIP Phone Plan features are hosted in the cloud, they can be scaled up or down as needed to grow with a company with just a few clicks, too.
Auto Attendant is Just One Way to help a Live Receptionist
The above list barely scratches the surface of the examples of how an Auto Attendant can help any live receptionist be better and more agile at work. The ways a live receptionist can benefit from a VoIP plan are as many and as creative as the administrators thereon. Because companies can add dozens of recording options, add department groups at will, and have infinitely customizable voicemail, faxmail, and greeting options, this literally is just the tip of the iceberg. Plus, add in the fact that all of those presets can be dynamically programmed to act differently for night/day hours and holidays, too, and you’re left with a system that is almost as dynamic as your live receptionist. Of course, no program will replace him or her, but this one sure does come close.
For information on how to get your own Auto Attendant, you can sign up for a free VoIP trial right now, or just hit us up on Twitter and Facebook with your questions. Also, if you already have your Dash Plan and Auto Attendant and need a little help setting it up, we have online call handling support available and you can even call us right from those resources if you want, as well. If you do, don’t be surprised if you are wildly impressed with our combination of automated and live receptionist skills, either.