UCC may not be the first technology that comes to mind when you think of security compromises, but there’s still a potential risk. No one thought 1.5 million IP video cameras could be used as a botnet to mount a DDoS attack until it happened in 2016. Rather than wait for something to happen, it’s best to plan for the worst, especially when you consider these three truths:
- UCC = big data = target. Organizations are relying on UCC technology more than ever to manage all aspects of their business. Collaboration tools store and manage virtual tons of data critical to the businesses that use them. Organized criminals using ransomware could target these systems and hold the data hostage.
- UCC endpoints could be vulnerable “things” in the Internet of Things. The telecom industry has been a target of DDoS attacks in the past, creating network outages and other related issues. It’s one thing to be the target of attacks; it’s another to be the instrument. Earlier this year, a variant of the Mirai botnet launched DDoS attacks against the financial sector using 13,000 hijacked IoT devices. While Mirai has primarily leveraged IP cameras, routers and DVRs, it’s possible that UC devices like phones and cameras could be exploited and used as part of an attack.
- Customers are concerned about security. Every day there are reports of new exploits, breaches, malware and attack vectors. Being attacked can cause costly downtime for your customers. Even worse, according to the National Cyber Security Alliance, 60% of hacked SMBs go out of business six months after the attack due to the financial costs of remediation and loss of reputation among their customers.
With these concepts in mind, we have some best practices for you to consider.
- Use VLANs and segmented traffic. UCC traffic should be separated from all other network traffic.
- Ensure malware protection is running on the network and that all endpoints are being monitored.
- Turn UCC encryption on. Voice encryption is standard today and is switched on by default. Video encryption is sometimes turned off to improve QoS. Depending on your customers’ needs and relevant industry mandates (g., HIPAA), it might be necessary to encrypt video data.
- Ensure that no UCC devices use default passwords.
- Use enterprise-grade firewalls and ensure that only necessary ports are open.
- Implement a Session Border Controller (SBC) to provide additional security and optimizations for your UC network traffic.
- Use DDoS mitigation services to protect your customers from being targeted and interrupting their operations.
- Consider an intrusion prevention system to identify and protect against threats that make it through other security measures.
- Consider moving UCC servers to the cloud where the burden of security, backups, administration and redundancy is placed on the vendor.
- Ensure that all relevant UCC technology has the latest firmware.
Some of the above might seem like common sense. Some might feel like overkill. The fact is, when it comes to security, criminals are usually one step ahead, so no amount of precaution is unwarranted. If you’d like to learn more about how to implement secure and feature-rich UCC solutions, contact Ingram Micro’s UCC experts, Curt Vurpillat or Chad Simon.