Where does the traditional phone fit in with the modern business – VoIP and Internet Based Phones Solutions

VoIP (Voice over Internet Protocol) has been in use since the early 2000s by both businesses and consumers. However, if you remember the early days of Vonage at home, you probably remember the horrible call quality issues. Today the technology has improved and the needed bandwidth is now readily available. VoIP is now the new standard for business and home phone systems.

VoIP basically means the phones are connected and calls are being carried over network equipment using Internet based protocols instead of the traditional low voltage copper lines in use since their invention by Alexander Graham Bell.

VoIP systems offer many benefits over traditional phone lines and phone systems including:

  • Simplified self administration, usually web based
  • Enhanced functionality including voicemail to text by email, call recording and internet based voicemail management
  • Simple and powerful automated attendant systems for flexible and professional call routing
  • Simple and powerful presence and call routing including find me follow me functionality, so calls can easily be routed to cell phones, home phones, office phones or wherever you are
  • Simplified unified system for offices and remote staff because all that is needed is good Internet connectivity
  • Built-in phone conferencing

 

VoIP solutions come in two main flavors, On Premise and Cloud Hosted.

The On Premise solutions have four main benefits:

  1. They can include integration with on premise CRM applications and other on premise software.  This is great for customer service departments and other call heavy departments.
  2. Lower cost for some organizations that have a requirement for a large number of handsets but few actual users.  This might include labs, manufacturing facilities, kitchen operations, etc.  Hosted solutions will charge monthly for handsets even if they’re not being used while on premise solutions only charge for the lines being used for inbound and outbound calls.
  3. Greater control and visibility into security as systems are maintained in-house and access to systems is limited.  This mitigates some exposure to threats like eavesdropping, call hijacking and long distance fraud, among other threats.
  4. Generally greater reliability and call quality due to the frequent use of dedicated switched circuits and the elimination of variables from network and Internet bandwidth limits.

Cloud Hosted solutions offer the following benefits:

  1. Very low up-front costs
    • Handsets and possibly some networking equipment are the only needed equipment
    • Dedicated Internet connectivity may also need to be purchased
  2. Very low maintenance costs as those costs are built into the monthly recurring subscription fees
  3. Unparalleled flexibility and scalability: phones can be set up at multiple locations, easily moved, and easily added or removed to accommodate a changing workforce and business
  4. Lower Long Distance charges as many VoIP solutions offer fixed and inclusive National and International LD solutions

 

VoIP pitfalls and common mistakes

There are some significant pitfalls with using VoIP solutions, and often the sales people for these systems are not familiar with all the networking and technical challenges that should be considered, so it is really important to include your IT staff or consulting firm in these decisions.

Choosing the wrong VoIP solution or improper implementation can lead to lots of frustration, can impact call quality and wreak havoc on business data networks.  Some of these mistakes include:

  • Using the same data network that is used for your computer equipment
    • In this setup users “uplink” their machines through the VoIP phones.  This may be OK for some simple networks but it effectively puts a network switch in front of every computer.  This can have a significant impact on network performance and may impact the performance of some high throughput applications.
    • Using phones with slower ports than the existing networking equipment on your network. Many phones are sold with 10/100Mbps ports while many offices are running 1000Mbps networks. Newer networks are even going to 10Gig speeds. By uplinking to these phones, the networks are effectively slowed down by a factor of 10 or more. The phones with slower ports are less expensive and easier to sell for sales people who are not familiar with these limits.
  • Not provisioning proper Internet connectivity or traffic segmentation and prioritization
    • This can lead to dropped calls and call quality issues, especially when bandwidth becomes challenged by large computer downloads and online applications.
    • Simultaneous loss of multiple critical business data systems including phones and Internet when there is a reliance on a single Internet provider.
  • Purchasing too much networking equipment that overlaps with existing data infrastructure
    • Sometimes VoIP providers try to replace existing networking switches and firewalls, which may not meet the needs of the data systems, but are sold to accommodate the needs of VoIP systems.  This can lead to all sorts of network and security challenges.

 

Do you really need phones anymore?!

Before making any changes or replacing your current phone system, many businesses should really ask themselves whether they even need phones anymore and, if so, how many. It used to be that every desk and person needed a phone with voicemail, but now that paradigm has shifted. Many startup companies don’t get phones for much of their staff unless they are directly client facing. I’ve seen whole offices of programmers with no phones.

With so many modes of communications including email, chat, IM, voice services like Skype and Google Voice, Slack, Yammer, etc. in addition to users’ mobile phones, desk phones have become superfluous for many. In fact, I have users complaining about having to have an office phone as it is just another voicemail they have to manage. Similarly many people are seeing their home landlines as unnecessary.

 

Alternative Internet based phone solutions

Many businesses should consider using a Virtual Phone System rather than a full-fledged VoIP or on-premise phone system.  Virtual Phone Systems include some elements of a VoIP solution but do not actually include handsets.

These solutions allow businesses to have a phone number, automated attendant and call routing but let them take advantage of the diverse phone solutions their staff already have in place including mobile phones, traditional landlines, etc. This is great for a distributed work force or sales team and offices that have low call volumes. These types of solutions can also be effectively combined with VoIP and On Premise systems to meet the needs of many businesses. Some of these Virtual Phone Systems include Grasshopper, VirtualPBX and OneBox.

 

Great VoIP solutions for office and home for people who don’t “need” a landline

The move is on in homes across the US to drop their home landlines. People don’t see the need for the expense, and the functionality is redundant with their mobile phones. Even small home based businesses are simply using mobile phones and other solutions like a Virtual Phone System. But there are still good reasons to have a primary phone line and there are some really good inexpensive solutions to meet this need.

Some of the compelling reasons to still have a landline are:

  • Phone number tied to a location: Sometimes you need to call a location rather than a person and the landline is always in the same place. So if calling the house or the office, you may not care who picks up but that someone does.
  • Safety: Having a fixed phone to ensure communications in the event of an emergency can be very important. Mobile phones wander, are tied to users and don’t reflect a traceable address for 911 operators, and kids and staff may need to place calls to safety personnel when mobile phones are not available.
  • Call quality: Good VoIP phones still offer better call quality than mobile phones, especially within some buildings or areas where coverage may not be good.

Ooma is one of my favorite choices for VoIP solutions for home or small office. They offer “Free” and Premium solutions that meet most users’ needs at a very compelling price. The “Free” offering requires an up-front $100 purchase and monthly $4/month “Taxes and Fee” for their basic service plus International LD and other service charges. Their Premium service is only an additional $10/month, but this may not be necessary for many users.

In a world of so many communications options, the traditional phone has still managed to stay relevant.  But with the Internet as its backbone, the phone has morphed into a much more flexible and capable tool with many different deployment options, which businesses and individuals should be keen to take advantage of.

Encryption, a double edged sword for businesses and home users trying to stay safe on the Internet

People may think of encryption as a technology that protects users’ privacy and security. And it’s true, encryption can be a powerful tool to protect one’s privacy and secure sensitive information. However, the current trend toward encrypting everything has created a significant challenge for businesses and users trying to stay safe from hackers and malware.

Encryption is the process of scrambling data so that only the intended users can access it. There are many forms of encryption.  Some encryption technologies protect data in transit such as TLS/HTTPS, which protects the information passed back and forth to websites and through email.  Other forms of encryption are used to protect data at rest on hard drives, iPhones, and cloud storage.

What does this mean for me, my business or my family?

It’s great to know that my credit card number is safe as I buy products online or conduct online banking. But this same technology is also helping the bad guys to hide their malware and their efforts to steal our money, resources and secrets. The expensive technologies we’ve put in place including gateway firewalls, web filters, email scanning, Antivirus, etc. have been rendered increasingly ineffective now that more and more traffic is protected by the cloak of encryption. The content can only be viewed once it is executed and unpacked on your machine or your network, and by then it’s too late!

Imagine my 9 year old son, at home, going to YouTube.com to search for videos of fast cars and Hot Rods. I do limit his access to sites by category, but YouTube.com is considered a legitimate and safe site. YouTube.com is run entirely over HTTPS, encrypting all traffic from my home computer to the YouTube.com servers. Once he’s connected, the Next Generation Layer 7 Firewall I have installed at home (perhaps overkill for home but this is my line of work) can’t see anything going back and forth between my son’s input and the results that YouTube gives him because it’s all encrypted. His search terms and the results are invisible to the filtering I put in place. So when that video of Hot Rods shows up, which was not at all what he was expecting, my wife and I are put in the unenviable position of answering our very inquisitive son why someone might make that video!

The same is true with other legitimate sites.  Almost 50% of websites online are WordPress sites.  These sites, if not maintained, are highly susceptible to compromise. I’ve seen many examples of sites becoming compromised and distributing malware to unsuspecting visitors.  That Youth Hockey site forum or Spa website you frequent may be the source of your next computer virus!  If the site is being run over HTTPS, that traffic is not being filtered by the web filters, firewalls or Antivirus you have in place, letting the malware into your network and your computer unobstructed.

Even this silly Blog is encrypted over HTTPS. I could be infecting your machine right now! Encryption is being used heavily throughout the hacker world to evade detection and for distributing their malware.

Why is everything being encrypted and how did we arrive at this point?

When Edward Snowden released his Wikileaks documents in June 2013, their greatest impact, aside from the specific details and revelations, was that they shattered one of the basic operating principles of the Internet: there is privacy in numbers. It was always understood that the sheer volume of transactions and data on the Internet made the Internet relatively private for most of us.

Why would anyone care about a personal email to my grandma about my plans to meet her on New Year’s Eve?  This email is one of trillions and the subject is seemingly irrelevant to anyone else but Grandma. The amount of time, money and effort for some organization to find, catalog, store and correlate this one email was thought to be improbable if not impossible. It’s like walking through Times Square on New Year’s Eve picking my nose.  Who would notice or care?

But we learned how the U.S. Government had put systems in place to do just that, record huge amounts of data from all communications systems and the Internet, cataloging the information and making this data usable through artificial intelligence, analytics, pattern matching and targeted searches.  Content and data streams from large companies such as Google and Microsoft had also been intercepted and fed into these systems.

Learning of this made individuals, Google and other institutions mad.  People’s privacy and confidence had been breached!  But really, how does this affect me and my email to Grandma?

Our trust and privacy was violated!

Google, Microsoft and other large companies immediately began implementing greater encryption across all their systems. In 2014, Google made news by modifying their search algorithm to make encrypted sites appear higher in search results and by publishing statistics about ISPs and websites that did and did not encrypt their web and email traffic. So now this silly blog site is encrypted because I want to be found on Google! Along with this trend, the technology progressed and encrypting and decrypting traffic no longer posed significant processing overhead for providers.

Now all your search requests to Google, increasing numbers of websites, emails and more are encrypted, making this information much harder if not impossible for the prying eyes of the government and other unwanted and dangerous actors to access. There are even moves to encrypt more traffic on the internet including DNS and other communications.

But are we safer and is our information more secure?

Unfortunately we’re not any safer today. According to Symantec’s latest Threat Report, there were almost double the number of Zero-Day threats discovered in 2015 than in 2014, a record 9 mega data breaches in 2015, over 50% increase in Spear-Phishing campaigns targeted at employees and the list of troubling statistics goes on. The unintended consequence of ubiquitous encryption has only made the detection and discovery of malware and hackers’ efforts even harder.

It may be true that the U.S. Government no longer has ready access to your data, but now the tools and solutions we have to protect ourselves have been compromised by the use of encryption. Our personal data has become the domain of private corporations such as Google, who have built walls around their systems with encryption with little oversight and transparency. Hackers can now more easily and stealthily steal our information and avoid detection with the help of encryption.

Instead of the U.S. Government knowing about my email to my grandma and my plans to meet her in Times Square on New Year’s Eve, Google, their affiliated advertising partners and also anyone else who sees the geographical coordinates published by my photo on Instagram and Facebook know exactly what I’m up to.  Also, because the hackers have successfully installed a quiet keylogger on my machine that was downloaded from the secure Youth Hockey site, they have successfully co-opted my good credit rating and opened 5 credit cards in my name and have left me with $50k in loans. They also managed to rob my house while they knew I was out of town.

What’s a person to do?  I like the privacy encryption provides but I don’t want to be a victim.

I’m not saying encryption is bad or we should stop using it.  However, it does pose a particular challenge to people and businesses alike trying to stay safe on the Internet and protect their information.  There are some technological solutions available to help mitigate these risks including HTTPS inspection solutions, and software and hardware pattern matching solutions.  They are worth consideration for many businesses but they’re expensive and hard to implement effectively.

Also, Antivirus companies are releasing new products and technologies that are starting to address these challenges through sophisticated behavior analysis, so staying up-to-date and implementing their new solutions is important.  There are also some notable startups that are taking different approaches to identifying and fighting malware including Cylance and Barkley.

Keeping computers up-to-date with all their software including OS (Windows, Linux and Mac) and all third party software (Java, Flash, browsers, plugins, Microsoft Office, etc.) is also critical in protecting yourself. There are lots of solutions for businesses to deploy updates and patches across a network. Home users or small offices can use a free tool called Secunia PSI.

The most effective and important thing anyone can do to stay safe is follow Safe Internet Behaviors. Companies should be testing and training their users by sending out malicious-looking emails and phone calls to try and trick them into giving out information or access that they shouldn’t. There are now many solutions like PhishingBox that can provide these services.

 

 

Safe Internet Behaviors

Clicking on the wrong website links, wrong advertisement links, wrong email attachments and filling in the wrong online forms can expose you, your colleagues, your family, your employer and your friends to significant risk of:

  • Identity theft
  • Stolen online funds
  • Lost data
  • Lost access to online accounts
  • Future unknown risks

1. Email

  • Never open attachments from anyone you don’t know or don’t expect to receive something from.
  • Confirm with the sender what an attachment is before opening if it is unexpected.  If you hit reply to the message, does the To: address look correct? Malicious emails will spoof the sending address so when you reply, the recipient often will not look correct.
  • Never “Enable Macros” or download or install Plugins when prompted without fully knowing the validity of the file. Malicious PDF and Office documents may try and trick you into running malicious code.
  • Never click on links within emails without confirming them with the sender. Emails with fake links often purport to take you to Google Drive, Dropbox or banking sites but instead send you to a malicious site that will prompt you to download or run something, or will outright infect your machine.
  • Be very suspicious of emails from your bank, IRS, FedEx, USPS and other institutions with links and requests for information. If there is any doubt about the legitimacy of an email or link, go directly to the institution’s website or contact them directly by phone.
  • Do not “unsubscribe” from unwanted emails unless they are from a trusted source that you are aware you signed up for.

2. Web browsing

  • Be very careful about clicking on Sponsored links and advertisements when performing web searches (Google, Bing, Yahoo, etc.). Perpetrators of malware buy ads and insert malicious code and links to try and get more exposure for their malware. Google search results, which appear below the paid advertisements, are safer as they cannot be as easily manipulated to show up on the first page.
  • Be very cautious about clicking on and opening files and programs downloaded from the Internet and only open those from known legitimate sites.
  • Don’t install or open any files and links that pop up on the screen unexpectedly. Sometimes malicious software will purport to be an update to valid software like Adobe Flash. If you think your software may need to be updated, close the window and go directly to the software publisher’s web site itself.
  • Full screen prompts about your computer being Infected should be treated with great caution. This is a frequent technique to get users to click on or run files that will infect your machine. See if the window can be closed and reboot the computer if necessary and contact someone who can help evaluate if your machine has actually been compromised.
  • Never search for license key generators, movie downloads, music downloads, free software, torrents, etc. as they are almost always gateways to malware. 

3. Phone

  • Never accept calls from Microsoft, government agencies, your bank or any other institution that you’re not expecting, that are looking for information, login info or access to your computer. This is a common tactic to gain access to your computer and other information to defraud you.

4. Wire Policy

  • All wire instructions should always be independently verified by outbound phone call. Secure emails, emails or inbound phone calls should not be considered sufficient to process wire instructions.

If you ever have any doubt or question regarding the legitimacy of an email, attachment, or website, please feel free to reach out to Mantra Computing. If you do have an instance where you feel your computer is infected, the best course of action is to turn off your computer and give Mantra Computing a call to assess the situation and help determine the appropriate next steps.

Cyber Insurance, it’s worth another look for most businesses

In the course of life I find all sorts of reasons to worry. It really doesn’t take much to get me going. But technology is my business and it takes a lot to shake me, but recently I’ve been shaken. The rise of high profile and continued data breaches, the widespread and evolving threat of ransomware and other cyber threats, it seems nothing is really safe. Our personal, financial and social lives are all so connected to the Internet and it seems like there is nowhere to hide.

Is the risk real, am I really a target?

The truth is these concerns are real, not some boogieman.  They are not abstract theoretical risks and I’ve been working with clients over the last few years dealing with their impacts and helping them try to avoid them.

Some of these experiences have included the following:

  • Ransomware attacks including Cryptolocker, Locky, Cryptowall, etc. Costs involve cleanup (removing the infection), restoring lost data (either from backups and/or paying ransom) and down time caused by systems being taken offline and made inaccessible.  These costs add up ranging from a few thousand dollars to tens of thousands of dollars.
  • Online store fronts being compromised by foreign attackers who compromise sites and code to steal CC and other info. Even in situations where these compromises take place with 3rd party services, culpability and responsibility have been murky and have caused significant cost to clients. Costs include notification requirements, cleanup and due diligence, legal fees, etc. and can range from a few thousand dollars to tens of thousands of dollars.
  • Disclosure of Personal Information (legally protected by State and Federal laws) through accidental disclosure (laptop lost, accidental email, etc.) and from flawed 3rd party software/services that become compromised or whose flaws allow unauthorized access. Costs for these types of situations can range from a few thousand dollars to tens of thousands of dollars due to disclosure/notification requirements, software/service changes, legal fees, state and federal enforcement actions and potential liability implications.
  • Lost funds due to Compromised/Hacked network computers and equipment caused by accidental user actions or faulty unpatched software solutions. Many times these bank funds can’t be retrieved and are lost forever.  Other costs include disruption to business, interruption to line of business resources, and other mitigating efforts.

Businesses must take these risks seriously and protect themselves like they do for any other risks. Cyber Insurance is now a real and effective tool for protecting businesses against real and significant financial losses.

What are the options and costs?

Cyber Insurance policies used to be cost prohibitive, poorly defined and confusing to understand.  However, today there are lots of good options.  A good policy should cover the below items, which are not included in Professional Liability solutions:

  • Access to or Disclosure of Nonpublic Files
  • Breach Notification and Credit Monitoring
  • Lost Business Income
  • Reputational Damage
  • Loss or Damage of Computer Systems

Costs can range starting from a couple thousand dollars for a business with a million dollars in gross revenue.

What about all the technology I’ve put in place to protect my business?

In addition to good layered security solutions including Next Generation firewalls, network/computer monitoring, security software, user training and an up-to-date Written Information Security Plan, Cyber Insurance is a good tool that all businesses should be considering.

No matter how good your protections are, mitigating all the risks is impossible.  The risks are constantly changing and Cyber Insurance is there to help fill that gap.

Garrett