Your communications systems provide critical access to customers and business partners, and you likely have an extensive security policy in place to ensure their protection. From encryption to next-generation firewalls, you have taken time to consider different types of attacks that could threaten your Voice over Internet Protocol (VoIP) system.
From a response standpoint, you likely have a disaster recovery plan in place that includes steps for recovering backup data and continuing business processes when you don’t have full access to communications systems.
In other words, you’ve done your legwork to make sure that communications are as protected from cyber attacks as possible, but have you taken the critical step of testing your response plan?
The Importance of Testing: No matter how many scenarios you’ve planned for, from denial-of-service attacks to call hijacking, professional hackers are creative and relentless, so you’ll never be able to cover every base with your security policies.
What you can do is test for routine emergencies. Don’t assume that people are ready to act appropriately in an emergency just because you’ve communicated everyone’s role and the expectations for how they will fill that role in a cyber attack. Response teams need extensive testing to become familiar with the steps they must take to restore systems and support ongoing business processes.
Areas of Consideration: There are some important questions you’ll want to ask during testing that may help to better prepare teams to react in a number of situations.
Management Support: You’ll want to plan for personnel that will be available to oversee a security response, but you also need to have a plan in place for when management is not available due to the interruption of business.
Communications Systems: If your VoIP system is impacted by the attack, will you still be able to place a 911 call or reach hotline services?
Departmental Representation: Be sure to have involvement from each line of business within your enterprise.
Design Versus Exercise Teams: The team that creates the security plan should not be the same team that tests it in an exercise. Plan for complete separation of the teams so that it’s easier to identify areas of vulnerability and address them.
Consider an Outside Consultant: You may want to have your team run an exercise, and then follow up with an outsourced testing specialist. They’ll be able to expand your concept of the types of attacks that could affect communications systems and detect any areas of weakness.
If you’re considering whether your level of security is enough to protect your communications systems from an attack, contact us at Diversified Technology Group. We can help you leverage the best tools to support your security policies and ensure they are thoroughly tested.