Posted on February 12, 2019 by Casey Houser
Today’s guest post comes courtesy of Uwe Dreissigacker, the Founder and CEO of Invoice Berry, an online invoicing and expense tracking platform.
As a business owner, invoicing might seem straightforward, making invoicing mistakes rare.
Invoices are something you send out at the end of the month manually without giving them much thought. But if you want to stay on top of your cash flows and continue being in the black as a business, it’s crucial you stop making these five invoicing mistakes.
Sending out a professional invoice and getting paid on time is a responsibility you can’t take any chances on. Your invoices are directly tied with your cash flow and business revenues even if it may not seem like it.
What this means is that something as simple as sending out an invoice for your provided services or product can increase your future earnings.
But this can’t happen unless you stop making the common invoice mistakes listed below.
If you want to improve your relationship with your customers and increase your future profit – be sure to read on.
1. Not enough details
To avoid this first invoicing mistake, you need to learn what exactly goes into an invoice.
When most small business owners start working on their invoices, they just list all the provided goods or services and move on with their day.
While this has been the standard for a long time now, and yes, you might still get away with it today, there are just so many other things that you can add to your invoice.
Your invoice is an extension of your business.
Essentially, you’re communicating your business culture, values, and beliefs through an invoice. Something as simple as creating a custom invoice with a personalized template can leave a lasting impression on your clients and increase your brand reach as well.
Of course, it’s important not to overstuff your invoice, but you should still go the extra mile when creating one.
For example, you can also attach your business voicemail number to your invoice in case your clients want to reach you immediately. This, in turn, encourages inbound calling and provides another way for your customers to reach you.
Once again – by taking your time and making your invoices more detailed, you get more brand value, better customer experience, and a means for them to contact you. All of this through a simple invoice.
2. Not automating your invoices
As mentioned above, most business owners just fill out an invoice last minute and don’t worry about it until the next month.
This is where the recurring invoice can help you out.
A recurring invoice is a type of invoice which automatically charges a client at specific intervals.
For those committed and returning clients, automating invoices is a great way to save time and money. Automating and using recurring invoices allows you to take care of more important things.
The supplier doesn’t have to wait for the customer to pay or repeatedly ask for the client’s credit card information. And similarly, the customer doesn’t have to send manual payments.
The idea here is to make the payment process convenient and more professional for everyone involved.
In order for a company to start using recurring invoices, they must first ask for permission from the customer to be charged on a regular basis for a specific amount. After that, the charges will continue to apply unless the contract is terminated or the client withdraws permission.
Essentially, if you put in the work and create a custom invoice and then start automating it (a process which doesn’t take long), you’re saving money and time in the long run.
And the less time you spend on invoicing manually, the more time you have for work and other tasks.
3. Not tracking your invoices
This is another important benefit of electronic (and automated) online invoices.
As a business owner, you probably have a lot of things to keep track of and eventually, you might feel that they’re starting to pile up.
Fortunately, using electronic and online invoices means having one less thing to worry about.
What happens when you start tracking and managing your online invoices?
Well, for one thing, they become neatly organized in one place where you can go over your past and draft invoices. You can also see which invoices are outstanding, still pending, and not paid yet. All of those invoices are also backed up digitally, so you won’t have to worry about losing them.
Did you know that in 2016 the estimate for electronic invoices reached around 30 billion worldwide with an annual growth rate of 10-20%? (Source)
To this day, this number has been increasing.
The fact of the matter is that in addition to being very convenient, electronic invoices allow business owners to help get a better overview of their finances.
4. Not following up on late payers
This may sound like an obvious invoicing mistake, but it still happens.
Sometimes a client might forget to pay, either because they forgot or out of fear of confrontation, and the invoice gets lost in their inbox. Even if they simply forgot to pay, it’s your cash flow at stake here.
To avoid this, be sure to follow up with your clients who are late on their payments. Like all other businesses, they get busy and possibly didn’t mean to delay the payment. Either way, be sure to send a polite follow up to remind them.
Alternatively, if you want to make sure your invoices get paid on time, consider updating your late payment policies and set an extra fee on late payments. This way, your clients will know for sure that they’d have to pay extra if they keep delaying your invoices.
Ideally, you should set payment terms for no longer than 14 days or so. Otherwise, your clients may procrastinate on your invoice. If they still skip on the due date, be sure to follow up, or if it’s urgent, you can call them virtually.
5. Having poor manners on your invoices
At the end of the day, if you want to continue and improve your current relationship with your clients – you should focus on the way you communicate with them.
Your invoices are a further extension of this. They’re part of your bigger customer experience strategy.
Treat your clients like people. They’ll appreciate it and return the love tenfold.
Consider being polite and adding simple phrases like “thank you for your business!” at the end of an invoice. This can increase your invoice payments rate and make them want to do business with you again in the future. As an added benefit, it also increases your brand image and leaves a lasting impression.
This may not sound like a big of a deal, but the closer you are with your clients the better. And you lose nothing by being polite!
The next time you’re customizing your invoice, focus on your manners. Improve your greetings, leave a “thank you” note at the end, and in general, don’t forget that there’s a person on the receiving end of the invoice.
Your clients will appreciate the small things, and you have nothing to lose.
Avoid These 5 Invoicing Mistakes
All in all, if you have no clear invoicing system set up, then you might be setting yourself up for failure.
In the past, you might have gotten away with a simple invoice which just lists the payment items and date. But now, there’s so much more that can go in an invoice.
Remember: the more personal your invoice is the better.
Be direct and concise when it comes to your finances, but also be polite when you can.
At the end of the day, you’re running a business. Automating your invoices opens up the possibility of focusing on other aspects. There are even more advantages to using online invoicing software, but generally speaking, you should know that electronic invoices are a powerful tool.
They’re an extension of your business and brand, so why take chances with your clients?
The next time you’re handling your invoices, be sure to take the extra step and avoid these five invoicing mistakes!
Posted on January 29, 2019 by Casey Houser
Our guest post today comes courtesy of Riley Panko, a Senior Content Writer at Clutch, a B2B research, ratings, and reviews firm in Washington, D.C. VirtualPBX’s Content Specialist Casey Houser contributed to the report, providing industry context.
Robocalls are a growing nuisance, disrupting legitimate communication on both individual and businesses phone networks.
Americans received a shocking 48 billion robocalls in 2018.
Clutch recently conducted a study of nearly 700 people who receive robocalls to understand the steps they are taking to combat them.
The report found that 67% of people are unlikely to pick up a phone call from an unknown number. Experts say robocalls erode trust in phone-based communication.
The survey also reveals that the National Do Not Call Registry is ineffective for the majority of those that sign up. New technology will seek to actively validate legitimate phone calls to combat robocalls, as opposed to just retroactively punishing offenders.
National Do Not Call Registry Ineffective Over Time
More than two-thirds of those that signed up for the National Do Not Call Registry say that it’s ineffective – 49 percent say they receive the same amount of robocalls and 19 percent say they receive more robocalls.
The National Do Not Call Registry was first implemented in 2003 with live telemarketing in mind.
Nowadays, though, most robocalls are automated. This means that robocallers can call a huge number of people in a short period of time, with a human only required when someone actually picks up and takes action on the robocall.
Automated robocallers don’t have much incentive to not call the people on the Do Not Call list – enforcement of the list has been limited.
This is increasingly true as robocallers become harder to track down. The rise of “spoofing” allows robocallers to use VoIP technology to trick caller ID into displaying any number. This means that many people do not know who is actually calling them, and where they might be located.
STIR/SHAKEN Will Actively Validate Legitimate Calls
The future of robocall protection requires a proactive approach.
The Federal Communications Commission supports the implementation of two initiatives known as the “Secure Telephone Identity Revisited” (STIR) standard and the “Signature-based Handling of Asserted information using toKENs” (SHAKEN) standard. Together, they are known as STIR/SHAKEN.
This technology checks all incoming phone calls for the presence of a certificate, distributed by a trusted policy administrator. If the number contains the certificate, then the call will be validated. This may be displayed on caller ID with a check mark, similar to how Twitter verifies accounts.
VirtualPBX applauds the adoption of STIR/SHAKEN.
“We actively support new anti-spam measures such as SHAKEN/STIR that create a traceable, encrypted phone connection between caller and receiver,” said Casey Houser, Content Specialist at VirtualPBX. “This new tech made a big splash recently with the FCC and large telecoms, and its adoption throughout the telecommunications market should mark a large decrease in the amount of spam callers receive.”
So Far, Only T-Mobile is Ready
The FCC recently pushed for major telecom providers to be ready to adopt the two standards. As of early 2019, only T-Mobile announced they were ready for implementation.
Robocalls will not be stopped with traditional preventative practices. STIR/SHAKEN may be a glimmer of hope in a world overrun with robocalls.
Posted on December 11, 2018 by Casey Houser
Today’s guest post comes from Snap Recordings, a professional voice recording service provider with over 100 male and female voice talents that has been recognized as a leader in professional voice recordings for business phone systems. Order professionally recorded greetings by Snap Recordings from within your Dash account.
Most businesses will see a significant increase in phone calls during the busy holiday season. While this is great for your bottom line, more callers means longer hold times, and that can create caller frustration during an already stressful time of year. Does your phone system have the holiday cheer necessary to keep callers happy and engaged?
By adding professional holiday greetings and music to your business phone system, you can create a more festive experience for callers and reduce hangups. Meanwhile, you can focus on critical operations like tackling customer concerns and shipping goods.
Best of all, you don’t need to start from scratch. Simply adding some festive holiday background music and short seasonal greetings to your existing messages may be all you need to see positive results. Try these phone system preparation methods as soon as possible.
Add Holiday Cheer to Your Telephone Greeting
When you adjust your holiday hours and customer greetings in the VirtualPBX phone system, you give your callers the opportunity to stay up-to-date with ongoing company events. With a simple, friendly greeting, you can offer the courtesy of mentioning your changing schedule, and you can lighten the load on your receptionist.
Moreover, you can cross-promote your products and services to a captive audience. Customers may have to sit on hold for a few more minutes than usual, so it’s in your best interest to share important information about new products and possible shipping time changes while your audience is waiting.
Do all this with a bit of mirth. Research from as far back as the 1980’s has shown that providing structure to on-hold programming — through appropriate messages and music — can help reduce the perceived time a caller thinks they’re on hold. In short, your cheerfulness in messaging that sits alongside festive music can decrease the mental strain customers feel when they wait for a live company representative.
Express your gratitude to your customers and clients. Let them know you appreciate their continued business. Be as heartfelt as possible, and remain dedicated to a few effective goals by following some industry best practices.
Holiday Greetings Best Practices
Only use professionally-recorded greetings
Even the best self-recorded greetings fall short when it comes to fluid voice and crisp audio quality. Customers won’t perceive your business as competent and professional if you don’t sound professional.
Keep messages sincere
The holidays evoke warm, happy feelings, and your holiday greetings should have that same tone. If you want to sound honest and heartfelt avoid overly-wordy or sterile greetings.
Avoid religious sentiments
While many people have a religious connection to this time of year, not everyone shares the same beliefs. Unless your religious message resonates with your entire client base, you’re better off sticking to secular greetings.
Choose the right music
Working with a professional gives you access to a large library of holiday tracks. Be sure to choose holiday music that compliments your brand and conveys a tone that is in line with your image.
Don’t wait until the last minute
The holidays are a busy time for everyone. Getting started on your holiday greetings as soon as possible is the best way to set yourself up for success.
Grab Your Holiday Gift Box Today
Snap Recordings is offering VirtualPBX customers a Holiday Message Gift Box that includes 12 ready-to-use professional, pre-recorded holiday voicemail greetings and hold messages, a Holiday Messaging Guide, and a promo code good for your first order. Grab your gift box before January 7th, 2019 to take advantage of this value packed gift!
Don’t forget about our year-end Refurbished Phones and Hardware Sale. The sale ends December 31st!
Posted on July 10, 2018 by Rachel Anderson
Today’s guest blog comes from 2600hz, whose flagship offering, Kazoo, gives telecom providers modern user interfaces, advanced carrier management, and all of the benefits that come with a team of highly trained telecom engineers. VirtualPBX works closely with 2600hz to deliver solutions to their range of customers across the U.S. and around the world.
By definition VoIP fraud is the unauthorized use of paid communications services, charged to someone without their knowledge, whether it be service provider or customer. VoIP system providers take extensive measures to protect your business from various forms of data breach, but there are still gaps in security that make your business vulnerable to those searching for a way in. A single fraud event can cost a business anywhere from $3,000 to $50,000+, and often occurs more than once claiming thousands of stolen dollars. Stopping an attack from happening requires securing your system using a proactive approach.
Examples of VoIP Fraud:
There are several ways that your business may be affected. Some schemes are more simple, such as device fraud. Others require an “Oceans 11” type heist skill that involves creating fake companies, manipulating contracts, and Pulitzer prize like storytelling.
Device & Call Fraud
Device Fraud is the most simple and most popular form of VoIP fraud. An automation is set up to scan for vulnerable endpoints. Vulnerable endpoints are those still using their default usernames and passwords making them the easiest to access for an intruder. Most UI’s change this automatically on set up, but in the occurrence of a error, that end point becomes a means to pump calls to a secondary account and gives the intruder full control of those devices.
Call Fraud gets a bit more creative. Call forwarding fraud involves tricking a person into dialing *72, which is the most common call forwarding activation key, this gives access to accept third party and collect calls while diverting all calls actually indented for the end user and sending the bill to that business. The attacker in these cases would usually auto dial until an end users picks up, and then spin a story such as “I was just in an accident, my phone is dying, please contact my wife, boss, lawyer, etc… the number is *72 XXX-XXX-XXXX” until they find a person that agrees to help.
Another call feature that can be used against you is voicemail callback. For this, an intruder scans for default VM passwords and changes the recording to “Yes, I accept the charges” or a similar phrase to send collect calls to the system and collect the charges made to your account. A complete hack of the system can be done as well if the intruder knows what they are doing. They would then program your call forwarding feature to send all calls to international numbers owned by them and bill your service provider for the charges.
To protect your company from device and call fraud, always encourage employees to change default passwords on devices, accounts, and voicemail inboxes if it is not done automatically or by you. It is advised to use a combination of words such as Correct Horse Battery Staple instead of the standard: Pa55word!?, 6aseb@ll, Qweasd123. Turn off all features that are not in use, such as call forwarding, voicemail callback, and blocking of international calls, as those idle features are easiest to target.
Set Limitations and Access to Carriers
As a VoIP Provider, picking the right carrier is as important as the phone system itself. The best carriers provide analytics monitoring, alerts and logging. Since you are ultimately responsible for the traffic generated by your system, delegating fraud detection and mitigation to your upstream is not the wisest course of action. It’s important to know how to set limitations and access to carriers and know how to monitor carrier utilization.
Examples of explicit inbound/outbound rules:
- Block inbound network traffic you do not want
- Route high-rate calls via alternate more fraud-enhanced routes
- KAZOO blocks high rate areas by default
- Limit number of simultaneous calls
- Select backup routes which come into effect when other routes fail
- Choose carrier priorities for all outbound services or by service individually
- Select different set of routes, depending on the type of number being dialed
- Limit the types of call the account can make, for example: US Toll Free, US Toll, Emergency Dispatcher, International, US DID, Carribean
Prepay can be effective in preventing the possible consequences of unlimited network access. By setting an amount limit, in case of an attack, an intruder can only gain the amount you have prepaid, stopping them from draining your account and causing bottomless damages. Careful when setting up an account, automatic recharge is convenient, but does not prevent the account from continuing to be drained once the original pre-paid amount is exhausted.
Other Fraud Schemes
Even if you use all the methods listed above to try and protect your business, there are still companies that are in the business of ripping people off. In every industry, where there is a will there’s a way, and new forms of commiting fraud are invented every day. Some are more amusing than other, like in this case, where a woman continues to get strange phone calls that find her eavesdropping on the life of complete strangers.
Fake companies are often formed to deceit business into using their service. The most popular tactic involves creating a faux business resembling the name of a well known company, making the difference hard to spot for unsuspecting users. Those persons will often go as far as creating fake bank receipts and offer you fake IP addresses, as well as simply using your services under a fake business name and never paying.
It cannot be stressed enough to do your research on any company you do business with. Reviews and information can be found on almost any business with a quick search of the internet. When working with contracts, always have a lawyer look over the details and when in doubt, don’t hesitate to get professional help. There are also several community websites such as VoIP Fraud that help the conversation of fraud going and warn people of known businesses/people who are a risk.
With the advancements in technology, your business is more at risk than ever. In 2016, 1 in every 937th call made was fraudulent, and increase from 1 in 2000 just the year before. Instead of a reactive approach, which inevitably will cost you money, following and taking the smallest safety precautions could save you thousands of dollars and the reputation of your business. Work with a company that keeps their platform updated, frequently monitor your account, and stay up to date on emerging technologies and safety tactics, to be a step ahead of fraud.
Posted on June 21, 2018 by Dan Quick
For our Partner Blog Series we like to highlight the relationships we have with our peers and business partners from across all areas of the telecommunications industry. We know that when it comes to relationships, the whole really is greater than the sum of the parts. That’s why we want to share with you the wisdom, experience, and perspective of the companies we work with.
For this edition of the VirtualPBX Partner Blog Series, we tap into the decades of network security experience of Sorell Slaymaker from Unified IT Systems. Sorell is an expert in the areas of risk assessment, network configuration, and general data security best practices in the cloud communications space. He has written extensively on these topics and today contributes the following guidelines for securing unified communications.
Best Practices In Securing Unified Communications
Unifed Communications (UC) applications can be the hardest to secure within an enterprise. UC clients, APIs, and services need a full security suite to ensure an enterprise stays secure. Too many enterprises attempt to apply standard application security measures to UC applications, which limit what users can do and still leaves enterprises exposed to the complex UC security challenges. Security managers and architects understand standard web applications, but not all the nuances of UC, and UC managers and architects lack the sophisticated security understanding.
Framing the Challenges of UC Security
One example is when Cisco’s Webex reported a critical security vulnerability that needed an immediate patch. An authenticated, remote attacker could execute arbitrary code on a targeted system due to insufficient input validation by the Cisco WebEx clients. The risks to a company if their UC system(s) is not secure include:
- Loss of Data – UC is more than voice and video, there is a lot of data associated with Web conferencing and file sharing.
- Back Doors – Bad actors can bypass standard security controls to gain access to private networks.
- User Tracking – Using Meta-data regarding the communication to track who is talking to whom, when, and where, even if the media is encrypted.
- Blackmail – Recording private conversations and threating to make the information public.
Increasingly Common Risks
UC combines telephony, video, chat, email, and presence together into one unified communications system. As the technology has become more complex and more accessible from the public internet, the security threat has increased. In many ways, it’s easier than ever to attack business communications. Companies must be diligent to protect their communications as they are vital to business operations.
Companies formerly relied on their internal network being secure and required external users to use a VPN solution to get in. This strategy may no longer work for all businesses because:
- No network is secure – It is been proven that the top vector for attacks come from inside the enterprise network.
- BYOD – (Bring Your Own Device) UC from personally owned devices including employees, contractors, partners who do not have a VPN or MDM client software protections.
- Speed – Users want to immediately start communicating versus having to wait for a VPN tunnel to be established.
- Public UCaaS – Hosting UC externally at a 3rd party using internet network connectivity is common, especially with the rise of freemium solutions.
- WebRTC – Supporting standardized clientless UC anywhere and everywhere.
Overcoming Common Challenges
While large businesses can often dedicate substantial resources toward securing their communications, SMB’s need simple and cost-effective solutions. Failure to secure UC can lead to information and data theft. UC is hard to secure for the following reasons:
- Peer-to-peer – WebRTC and proprietary UC stacks allow one device to talk directly to another without going through a centralized service and security stack. All other applications are client/server based, where a security stack can reside at the server.
- Bi-Directional – Sessions can be established in both directions due to the call/calling nature of UC versus a web application where a user establishes the session request. A home router, for instance, has a simple firewall rule that states all TCP & UDP sessions must be initiated from within the home network and why to get a Skype call, the home user first must be logged into Skype.
- UDP Transport – Unlike TCP that has sequence numbers and specific ports for different types of applications, UDP has neither. Different vendors open up a range of UDP ports and UC sessions cycle through the range of ports. The range of ports must be bigger than the peak number of concurrent UC users.
- Multiple services – Voice, video, chat, data – UC uses a range of services, each with their own TCP/UDP port. With conferencing, there can be hundreds of users interacting both inside and external to the organization.
- Jitter Sensitivity – Jitter is the variation in latency, and jitter above 20ms will result in the effective loss of real-time voice/video traffic. With video conferencing, there can be instantaneous spikes in network traffic that are 100x the norm. Firewalls and other security appliances have trouble processing a lot of UC traffic without causing jitter. The primary reason why UC was the last major application to use virtualized infrastructure at scale is due to this.
- Remote control – Co-browsing and taking remote control of an end-device are some of the enhanced features of UC suites. Many vendors use this to circumvent VPN and other types of supported enterprise remote access.
- APIs – The digital world is about getting and sharing data through APIs. Set up a secure, encrypted session and information goes in and out of an organization. The challenge is that some of this data can be private, confidential, and/or regulated data that require enterprise governance and compliance.
- Too Many Proprietary Appliances – Legacy PBX, voice mail, conferencing systems use proprietary hardware with non-common operating systems. These appliances are subject to known security vulnerabilities.
Finding the Solutions for Every System
While this list can be overwhelming, there are best practices to follow regarding security UC. These include:
- Encrypt Everything – It is no longer good enough to just encrypt data at rest, data and communication in motion must be encrypted because users and applications can be anywhere and everywhere. Use 256-bit encryption on sensitive data and communications. For instance, using 128-bit encryption still allows someone to understand if it is a male or female talking, what language, how long the conversation is and the interaction amount between users.
- Adopt Zero Trust Architecture – Zero Trust means that nothing on the network, resource, or application is trusted. A deny all policy, with a whitelist that is integrated with the identity and access management systems. Use anomaly detection to alert when something abnormal is occurring.
- Ensure Identity – Great security starts with great identity and access management. Multi-factor authentication, least privilege access, and good logs to account for who accessed what are industry best practices that are not always applied to UC. Password management for voice mail and other services should be multi-factor and require 2-factor tokens for system administrators. The password reset process should also be rigorous.
Really all proxy services need to be examined, as well. While web and email proxies are common and SBCs act, as one of their functions, as a voice proxy. Be sure to add chat/presence and video proxies. Unfortunately, these proxies are proprietary. A few examples Microsoft has their Edge & Reverse proxies, Cisco uses Expressway. These proxies provide the following features:
- Packet Inspection – Unencrypt each session and inspect the signaling packets and scan each packet and stream.
- Secure Firewall Transversal – Set up specific TCP ports to go through a firewall and handle the NAT required at both layer 3 and layer 5.
- Log & Alarm – Gather a log of all sessions and generate real-time alerts when there are anomalies such as a spike in traffic, malware detection, multiple session failed attempts, etcetera.
- DLP – When required, record the session – Important for screen share logging.
For WebRTC, a WebRTC Gateway with ICE, STUN and TURN services used as appropriate. To add to this list, with the use the Communication Platform as a Service (CPaaS), all API’s should also have a proxy so an enterprise can enforce governance and compliance of all data going in and out of the organization.
- Securing the UC appliances – Scanning on a regular basis and applying vendor security patches immediately, plus turning off unused services. While this may seem obvious, many enterprises fail to do this as their UC infrastructure does not always reside in the security managed part of the data center.
- Log & event monitoring – Every large enterprise has Security Information and Event Management system. The UC systems should tie into this.
- Audit – While all large enterprises and government agencies get 3rd party audits of their critical or sensitive transactions, this is rarely done for interactions. Getting a 3rd party to audit UC security and interactions is an emerging best practice.
- Training – No matter how secure your systems are, users can be lazy and not take security seriously. If they or the people they are talking to are on an unsecured session, confidential, private, or regulated information should not be shared.
Hackers are becoming like spies and getting more sophisticated and targeting employees, contractors, and partners to help them infiltrate an organization. Everything in an organization needs to be locked down tightly, including UC applications. And for IT security professionals, a security breach into systems that you are responsible for will more than likely result in you updating your resume.
So what do you think? Does your enterprise already conduct all of these steps to protect itself from bad actors and security breaches? Do you think there are other critical steps that we didn’t cover here? Let us know by joining the conversation on Facebook or Twitter, and we’ll make sure to include it in future editions of the VirtualPBX Partner Blog Series!