Best practices

Foundational Best Practices for Voice Cybersecurity

A RAPIDLY EVOLVING THREAT VECTOR

One of the fastest growing cybersecurity threat vectors is Voice, but organizations have been incredibly slow to react, leaving a gap in the Attack Surface.

This document provides direction for enterprise-class organizations to better understand:

  • The emergence of Voice as a powerful threat vector;
  • The Foundational Best Practices for incorporating Voice into an Enterprise Risk Management Strategy;
  • Guidance to “reasonably” protect and defend the organization’s people, processes, data, infrastructure, customers and partners.

Want to learn more?

Understanding the list:

In this list of 16 Foundational Best Practices for Voice Cybersecurity, we have notated the aligned business unit(s) that should bear responsibility for each individual entry. The business units are demarcated as follows:

Information Technology Team

Risk Management / Cybersecurity Team

Contact Center Team

Without further ado, let’s get into it.

Best Practice #1

ACKNOWLEDGE THE THREAT VECTOR

Understand Voice as a Threat Vector, including trends, attack types, terminology and risks to the organization. Voice is a critical and unique vector as it is an immediate, direct, 24 x 7 x 365 conduit to a human (every organization’s greatest vulnerability, and often their most expensive resource).

Best Practice #2

GET EDUCATED ON THE ATTACK SURFACE

Understand the Voice Attack Surface. Document the Voice technical architecture and who is responsible for support, maintenance, performance, protection / defense.

Best Practice #3

MOVE BEYOND MISPERCEPTION

Gain clarity around misperceptions of Voice Security (Some perceived solutions are NOT all encompassing solutions: MFA, Security Awareness Training).

Best Practice #4

UNDERSTAND LEGAL, REGULATIONS & COMPLIANCE

Understand evolving laws, regulations, compliance, reporting for risk management, cybersecurity, cyberattacks and cyberbreaches.

Best Practice #5

TRACK TRENDING LEGAL ACTIONS

Understand and keep abreast of evolving / trending legal actions regarding cyberattacks and cyberbreaches. Pay particular attention to “Reasonable” protection and defense.

Best Practice #6

UNDERSTAND CURRENT AND POTENTIAL IMPACT / RISK

Assess and measure the health and security of the Voice attack surface in your organization. How is your organization currently at risk and to what extent?

Best Practice #7

ALLOCATE BUDGET

Based upon potential risk exposure (data, brand, financial, operations, legal), regulatory guidance / requirements, volume / severity of threats, impact on the attack chain, and impact on key business imperatives, earmark appropriate financial resources. Remember, this is a threat to the enterprise which is vastly under protected.

Best Practice #8

INTEGRATE POLICY & RISK MANAGEMENT

Develop and continuously update organizational Cybersecurity and Risk Management Policies to include Voice as a critical threat vector. Further detail policies to include specifics around protection / defense protocols and procedures along with operational responsibilities and communications for both daily management and in the event of a compromise.

Best Practice #9

IMPROVE YOUR SECURITY FRAMEWORK

Integrate Voice Security into existing risk management / cybersecurity enterprise frameworks.

Best Practice #10

DO NO HARM MANDATE

Ensure and protect your Customer Experience while guarding against false-positives; build policy and operational processes to protect legitimate communications from inaccurately being flagged and eliminated.

Best Practice #11

INTELLIGENT CUSTOM RULES

Incorporate the ability to create and manage customized rules at multiple levels, from Sys Admin to each User.

Best Practice #12

LEVERAGE A VOICE FIREWALL

LEVERAGE A VOICE FIREWALL to remove nuisance and nefarious calls and to protect inbound and outbound voice traffic.

Best Practice #13

LEVERAGE SECURE VOICEMAIL

LEVERAGE SECURE VOICEMAIL to protect and defend employees from targeted voicemail attacks.

Best Practice #14

LEVERAGE VOICE TELEMETRY

LEVERAGE VOICE TELEMETRY for improved detection / response, and post-breach investigations.

Best Practice #15

LEVERAGE CALL FILTERING

LEVERAGE CALL FILTERING to remove nuisance and nefarious traffic at the inception of your inbound call flow.

Best Practice #16

LEVERAGE ENHANCED CALL CONTROL

LEVERAGE ENHANCED CALL CONTROL by integrating threat intelligence into your work flow and vectoring.