Careless talk costs pounds

The ongoing saga of telephone hacking never seems to rest. Look for telephone news on the internet and the chances are that your search engine will return pages stuffed with “latest victim” revelations. Whilst these allegations are distressing for the individuals concerned, when it comes to business, fraudsters and potential hackers are laughing.

Many businesses pay so little attention to telephone security that they are effectively handing an open cheque book to criminals. It can be easy to obtain access to systems allowing crooks to run up huge bills whilst company information just isn’t secure. In fact, to borrow modern switchboard parlance dial 1 for cash and 2 for information.

Starting with the cash drain, the easiest way for fraudsters to get hold of a telephone systems is to make use of a dial through system. Dial through allows employees to dial their office, often as a local call, and then use a PIN to make outside calls. Whilst dial through is PIN protected, in far too many cases the factory setting is left unchanged making it easy for fraudsters to guess at such tricky settings as 1234 or 1111. All fraudsters need to do is set up their own premium rate line, often abroad, hack into a business phone system and then call the premium line. This type of fraud netted some £120million last year in the UK.

Dial through fraud is easy to prevent. Firstly make sure that pass numbers are changed at regular intervals and ban any easily guessed combinations. Next, take steps to limit the damage should fraudsters gain access to the system. As crooks prefer to work at evenings and weekends when they are less likely to be spotted, make sure that you have a system which restricts or bans dial through calls outside office hours. Where this is not possible, set the system to block dial through calls outside the UK or to set destinations.

Blocking information fraud is again as simple as educating employees to watch what they say when on mobile phones or sitting next to open windows. Sit on any commuter train and you can guarantee to pick up a wealth of information about company policy, projects and personalities. Sit in the same carriage over a week and you could probably step into any one of a number of companies without needing an induction course. What may seem an innocuous conversation to one person is a wealth of data to a potential fraudster or information hacker. Training employees to be aware of the dangers will go a long way to securing company privacy.