As with any application, a VoIP phone system needs to be secured, and this article outline some important things you can do to keep your phone system secure:

1. Install your phone system behind a firewall

The most basic step that you can do is to install your phone system behind a firewall. Open only the ports that you need: If you use external extensions and bridges, you can choose to use the 3CX tunnel and only open a single port for the tunnel.

2. Ensure strong extension passwords

Weak extension passwords are extremely dangerous. Do not use the extension number as the pin code or password. Ensure that you use strong, random passwords to avoid remote hackers registering with their soft phone to your PBX. As simple and obvious as this may sound, weak extension passwords are the number one source of security breaches.

3 Keep your windows up to date

Windows can automatically download critical updates. This means your OS is protected against serious vulnerabilities. Out of the box, and up to date, a Windows Server System is pretty secure.

4 Check your call logs weekly, better daily

Check your call logs weekly or better daily. This way you can quickly pick up on misuse of the phone system by either hackers or indeed legitimate users of the phone system. Use the inbuilt call reports to see calling trends.

5 Use an IP PBX that is security tested

Even if your Operating system is fully secured, and your firewall is properly configured, you depend on how securely your phone system has been coded. 3CX is built on .NET (which has many inbuilt security features) and it is regularly tested by outside security consultants.

6. Use a VPN.

If you want to add an additional layer of security, use a VPN. 3CX Phone System fully supports the use of VPNs – use the free openVPN for Windows and secure bridges and external extensions easily and cheaply.

7. Lock down which IPs or networks can access the phone system.

A further additional level of protection is to narrow down from which IPs you will allow registrations. This locks out the rest of the internet and provides a good additional level of defense. For example, if you have remote workers that always work from a particular location, you can consider purchasing dedicated IPs for these locations so that you can further limit access to the phone system by IP. This configuration is done at firewall level.