Are Your Calls Secure?

There are numerous reasons for deploying secure SIP. The primary reason is preventing fraud. Fraud comes in different forms, including toll fraud and consumer-based fraud. Consumer fraud includes gathering sensitive information from the call, such as credit card information. Another major concern might be government-mandated encryption. Simply being security conscious and wanting to keep conversations private is another valid reason. It is important to note that SIP need not be encrypted when delivered on a trusted network, for example MPLS from the carrier, unless you simply do not want your calls listened to.
A quick stroll through the Internet looking at various websites by different cloud-based suppliers informs me they are only telling half the story. Many cloud-based suppliers often tell you their service is encrypted with TLS (Transport Layer Security), leading you to believe your calls are totally encrypted. Naturally, you consider SIP security done.
If a cloud-based supplier is utilizing TLS, you are only half encrypted. It is important to understand that the SIP standard divides the call into 2 parts: call control and audio. Each part requires its own encryption method. SIP call control merely contains information such as inbound calling number, caller ID, hold, transfer, and various other metadata-type information. This part of the call is the easiest to encrypt because it is not time sensitive like the voice part of the call. The voice/audio part of the call is carried by RTP (Real-Time Transport Protocol). As the name says, it is real time: the packets cannot be delayed or improperly assembled, which makes this part more difficult to encrypt. TLS applies only to the SIP signaling, leaving RTP totally unencrypted and allowing any knowledgeable hacker on your network, including the Internet, to record and replay your calls with simple, free, commonly available tools.
If your concern is primarily to protect from toll fraud, TLS is effective. If your concern is one of the other reasons noted above, then TLS has done nothing to protect your organization.
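One way to check both halves of a call from a captured INVITE, as an added example that is not part of the original post: it reads the Via transport for the signaling and the SDP media profile for the audio. It assumes SRTP (offered as RTP/SAVP with `a=crypto` or `a=fingerprint` keying) as the media encryption, which the post does not name; the function name and both messages are constructed for illustration.

```python
import re

# Constructed sample: INVITE carried over TLS whose SDP still offers plain RTP.
INVITE_TLS_PLAIN_RTP = (
    "INVITE sips:bob@example.com SIP/2.0\r\n"
    "Via: SIP/2.0/TLS pbx.example.com:5061;branch=z9hG4bKconstructed\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=alice 1 1 IN IP4 192.0.2.10\r\n"
    "s=-\r\n"
    "c=IN IP4 192.0.2.10\r\n"
    "t=0 0\r\n"
    "m=audio 49170 RTP/AVP 0 8\r\n"
    "a=rtpmap:0 PCMU/8000\r\n"
)
# Constructed sample: the same offer with an SRTP profile and SDES keying.
INVITE_TLS_SRTP = (
    INVITE_TLS_PLAIN_RTP.replace("RTP/AVP", "RTP/SAVP")
    + "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTEDPLACEHOLDERKEY\r\n"
)

# SDP transport profiles that denote SRTP (SDES-keyed or DTLS-SRTP).
SRTP_PROFILES = {"RTP/SAVP", "RTP/SAVPF", "UDP/TLS/RTP/SAVP", "UDP/TLS/RTP/SAVPF"}


def audit_invite(message: str) -> dict:
    """Report signaling and media encryption separately for one SIP message."""
    head, _, sdp = message.partition("\r\n\r\n")
    # Signaling half: transport token of the topmost Via header.
    via = re.search(r"^Via:\s*SIP/2\.0/(\w+)", head, re.I | re.M)
    signaling_tls = via is not None and via.group(1).upper() == "TLS"
    # Media half: each m= line names its profile; keying attributes follow it.
    media, session_keyed = [], False
    for line in sdp.splitlines():
        if line.startswith("m="):
            kind, _port, proto = line[2:].split()[:3]
            media.append({"kind": kind, "proto": proto, "keyed": session_keyed})
        elif line.startswith(("a=crypto:", "a=fingerprint:")):
            if media:
                media[-1]["keyed"] = True
            else:  # session-level attribute applies to every stream
                session_keyed = True
    for m in media:
        m["encrypted"] = m["proto"].upper() in SRTP_PROFILES and m["keyed"]
    fully = signaling_tls and bool(media) and all(m["encrypted"] for m in media)
    return {"signaling_tls": signaling_tls, "media": media, "fully_encrypted": fully}
```

For the first sample the result reports TLS signaling with an unencrypted audio stream, which is the "half encrypted" case described above.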
Feel free to give me a call if you would like to learn more about deploying actual encrypted SIP.
Regards,
Craig B. Hodges
craig_hodges@gobsb.com
586-859-6308

Important News: E911 Legislation Delayed.

E911 Legislation Delayed 3 Years
E911 (Enhanced 911) means that when a 911 call is placed the caller’s phone number and specific location are delivered to the correct PSAP (Public Safety Answering Point or 911 dispatcher).  The local street address information will not be enough. Detailed telephone location information such as the building, floor, or room number must automatically be provided to the 911 dispatcher.
This pending legislation affects all businesses that operate a telephone system inside one or multiple buildings, buildings that share a single address, or are more than 7000 square feet. The new law was scheduled to be enforced beginning December 31, 2016.  It has been delayed, again, until December 2019.  Please note that it has been approved by both the House and Senate and is currently waiting for Governor Snyder’s signature.  He is expected to sign.
Please feel free to call or email if you have any questions regarding E911.
Craig Hodges
568-859-6308
craig_hodges@gobsb.com

Are You Prepared For Your New Customers?

A new generation is coming into the marketplace: Generation Z.  This is a generation who grew up with the Internet, computers, smart phones and social media.  They are pro collaborators and value informal, instant, and digital communication. According to Pew research, over 85% own mobile phones and over 50% use chat/messaging on a regular basis. Instant communication is a standard for Generation Z; phone calls are not.
Businesses must adapt to this new type of customer. From a customer service perspective, call centers need to become contact centers, providing real-time responses. Below are several actions to consider as we embrace this new generation. By doing so you will increase productivity, improve reaction time and ultimately improve customer retention.
  1. Continually monitor social media. Numerous social media monitoring tools exist that will notify you when your business or organization is mentioned on social media.
  2. Use social media to react. Whether a compliment or complaint, a timely reaction shows you are interested in your customers and interested in a positive customer experience.
  3. Implement skills-based call routing (SBR). Instead of simply routing a call to the next available agent, SBR assigns incoming calls to the agent who is most suitable to handle a specific request, complaint, or inquiry.
  4. Be prepared to conduct sales via SMS. One statistic I read stated that 64% of smart phone users shop online. Since Generation Z is fond of text messaging, conducting sales and answering inquiries through SMS will be necessary.
  5. Offer several contact center options. Phone (with a request a call back option), email, chat, and SMS capability will help to improve your overall customer service.

Less Than 300 Days Until E911.

Are You Ready?

E911 (Enhanced 911) means that when 911 is dialed the caller’s phone number and specific location are delivered to the correct PSAP (Public Safety Answering Point or 911 dispatcher).

What does this mean for your business?  
When calling 911 it will no longer be enough just to have the local street address information that is associated with the phone system.  Soon, many businesses will have to automatically give detailed telephone location information such as the building, floor, or room number to the 911 dispatcher.
Who will this affect?
The legislation requires all businesses that operate a telephone system inside one or multiple buildings, buildings that share a single address, or are more than 7000 square feet, install all necessary equipment and software to provide building, floor, and room number information to their local PSAP (public safety answering point) so that a 911 caller can be located within an area no more than 7000 square feet. Please keep in mind that Plain Old Telephone Lines (POTs) can no longer reasonably be used to dial 911 and comply with the law.

 
When does this go into effect? 
In Michigan, as of December 31, 2016, every phone that is capable of dialing 911 on a MLTS (multi-line telephone system) must provide an ERL (Emergency Response Location). For every phone capable of dialing 911 there must be an ALI (Automatic Location Information) in the 911 databases. The fines for non-compliance range from $500.00 to $5,000.00 per offense.  Please note that although Michigan doesn’t require that MLTS systems be programmed to allow the caller to dial 911 without having to dial another digit first, direct outward dial on a 911 call is recommended.
Exceptions (taken from the Michigan Legislation):
1. The building maintains an alternate method of notification and a way of signaling and responding to emergencies (which can include, but is not limited to, a communication system that provides specific location of the 911 call from within building or the building is serviced by its own medical, fire or security)
2. The MLTS Operator is not currently serviced by E911

Steps towards compliance include:
1. Upgrading to either an ISDN PRI or SIP Trunks and implementing Direct Inward Dialing (DID) numbers for each extension will be required. This technology works by attaching the detailed location information to the DID number within your carrier’s network.
2. Contact your carrier for specific details on how to input the necessary location detail. When a 911 call is placed your E911 compliant telephone system will push the DID number you have assigned to that specific extension out to your carrier. Your carrier then relays your address information, in addition to the more detailed location information, over to the 911 Call Center. The dispatcher can then dispatch emergency service to your approximate location.
3. Check with your telephone system manufacturer for E911 compliance. Many businesses will find they are not compliant.

For specific E911 guidelines, or to find out if your business is compliant, feel free to give me a call or send an email.

Leaving Your Customers on Hold?

Does your organization have high call volume, placing customers or potential customers on hold for a significant amount of time?  Two companies, TalkTo and ResearchNow, conducted a survey that revealed half the people they polled spend 10-20 minutes per week on hold.  This equates to 13 hours per year, or 43 days over a lifetime.  Obviously, being placed on hold can be very frustrating for callers resulting in lost revenue and/or poor image for your organization.  Below are 3 things you can do to reduce on hold time and increase call retention.
  • Measure talk time and call volume.  This will assist you in staffing your call center appropriately.
  • Purchase a professional message on hold production for your phone system.  These productions are informative and entertaining.  A custom script highlighting your business, integrated with music, is a simple way to market to a target audience while increasing call retention.
  • Implement a callback program to capture those who would normally hang up by allowing them to keep their place in the call queue, still hang up, and then receive a call back.
If you need assistance reducing on hold time and increasing call retention feel free to give me a call.

The Latest Threat to Your Business

Don’t Let Your PC be Victimized

Ransomware is the newest threat to your business. Ransomware is malicious software that locks your computer or encrypts your files, making your data inaccessible.  Ransomware will not only encrypt files on your computer but also on any drives that are mapped on your computer. The name is derived from the fact that ransom is demanded to regain access to your data or to get your files unencrypted.

The ransom is usually less than $500.  Since it is very labor intensive to run software to break the code the ransom might seem like a cheap fix to a problem that could cripple your business. A common ploy is to use a government logo, such as the FBI logo, claiming you did something illegal with your computer.  The ransom is labeled as a fine for this “illegal” activity.  Often the payment is demanded through Bitcoins (a form of digital currency that involves no central authority making tracking difficult) or another form of electronic payment.
The ransom should never be paid. There have been cases where people have paid and the encryption keys have failed and their data was not recovered. Also, paying the ransom perpetuates the problem. Many legal departments are adamant that the ransom is never paid, even if the data is lost.
There are numerous ways Ransomware can end up on your computer:
  1. Downloaded by visiting a compromised website
  2. Payload, dropped or downloaded by other malware
  3. Clicking attachments to spammed emails
  4. The infection can also come from clicking on ads in the sidebar of a web page
The following are a few steps to help prevent being victimized by Ransomware:
  1. Use data protection and email security
  2. Utilize a cloud backup that will allow you to restore your data once the PC or Server is wiped clean (test this back-up regularly to make sure you can fully recover)
  3. Be aware of fraudulent emails
  4. Do not open suspicious emails or click the attachments in unexpected emails
  5. Make sure the software and the operating system on your PC are up to date
  6. Report anything strange to IT immediately (and IT should not discount any reports)
  7. Prevent ad content from being viewed by installing a content filter on the firewall to block users from clicking on ads
 If you are victimized by this latest scam the following are essential steps:
  1. Disconnect the infected computer from Wi-Fi or wired network immediately
  2. Contact your IT support person
  3. “Wipe” the infected computer
  4. Restore the data from your backup
Below is an image of what an infected machine could display on its screen:
[Image: ransomware 1.png]

Are You a Forward Thinking Customer?

Just as my customers learn from me, often I learn from my customers. Forward thinking customers are fans of innovation. Presenting a need and also a possible solution, these customers challenge me to be creative, dynamic and flexible. One recent example is the West Bloomfield Public Library. IT Director, Bob Pesale wanted his employees to be connected and mobile throughout the library, without the need to be burdened with a heavy handset, tablet or laptop. Besides just being able to communicate with staff, he also wanted library personnel to have access to information. Ideally, library patrons would be able to approach any staff member and have their request fulfilled.

Pesale suggested utilizing Android phones on their Wi-Fi network. Not only could West Bloomfield Library use the Wi-Fi network to access the Internet, they could also use the Internet and these smart phones as extensions of their desk phones without incurring any additional charges due to consumption of minutes. The solution was to use the Androids as SIP phones, with software running on them, utilizing the LAN.

There are numerous advantages to this smart phone design. The first is a lower cost of the phones. The second is durability. With a proper case, these devices can have a long life. Next is the ease of use. Just about everyone can use a smart phone. Workplace mobility and productivity are additional benefits. By using the Wi-Fi network and the smart phone, employees are connected not only to the Internet but also to a quality voice network.

It should be noted that these devices are owned by the library, do not leave the property and are shared amongst the different shifts.

Please let me know if I can be of assistance in implementing your “forward thinking” idea.