Implementing security controls after an attack or compromise of data is like shutting the barn door after the horse has already escaped…but worse.
Getting serious about VoIP and unified communications security after the whole solution is architected and implemented is costly enough. It is generally much easier and less expensive to implement sound security practices and controls organically as a part of the solution rather than tacking them on after the fact.
Sometimes architectural and procedural decisions made without security in mind are like water under the bridge and can’t be undone. You can put security controls in place, but they won’t be as effective as they could have been if security would have been a part of the initial design.
If you wait until after a successful attack or compromise of data you are just adding insult to injury. Its a double-negative. Now, on top of the more expensive, less effective security you were going to get by not thinking of security in the first place, you also have the expense of whatever financial impact or lost revenue the attack has, plus any potential damage to the reputation and credibility of the company.
Sipera VP of Marketing, Adam Boone, talked recently about just how costly it can be to forget about VoIP and unified communications security. Boone shared a story of a client victimized by toll fraud. Attackers placed 9,000 minutes of international calls turning the company’s normal phone bill of a couple hundred dollars to a $19,000 bill.
That’s $19,000 the company had to eat, on top of any security solutions it chose to implement to prevent similar attacks in the future. Shutting the door before the horse escaped would have saved it at least $19,000.
Is your VoIP or unified communications infrastructure secure? Are you planning to figure out the answer to that question now, or after it is compromised?