Are Your VoIP phones eavesdropping?
When most people think of insider threats, they think of nation-states, other adversaries, or bad actors attempting to access our communications. These individuals do indeed present significant threats to our data and national security, but often forgotten are the insider threats that come from unintentional or negligent use of communications systems.
VoIP environments have long been known to be vulnerable to attack even when on-hook or not in use, granting undetected eavesdropping capabilities to sensitive information. The National Telecommunications Security Working Group (NTSWG), as the technical and policy resource for addressing surveillance countermeasures for telecommunications systems for the federal government, has mandated the use of TSG certified phones and video teleconferencing (VTC) devices in areas where protected information is discussed.
While government users are consistently reminded of vigilance toward external threats, most insider threats are a result of careless user actions.
A three-prong approach consisting of technology, policy and process is the key to mitigating such threats and limiting exposure. A well-documented policy, while important, loses its effectiveness without rigorous and regularly occurring reinforcement activities to continually remind users of those policies and how to implement them into workflows.
From a technology perspective, security enhancements such as those implemented in TSG-approved devices, deliver proactive protections to secure communications.
CIS Secure offers a portfolio of TSG-approved phones and VTC systems to help government, systems integrators and security-conscious users protect their communications from both external AND internal threats. At CIS Secure, off means off! To learn how CIS Secure’s solutions help you stay protected, visit: https://cissecure.com/cis-secure-usb-positive-disconnect/