Management consultants KPMG has warned that businesses implementing voice over IP (VoIP) risk exposing themselves to threats from viruses and denial of service (DoS) attacks.
While the benefits of VoIP have been widely broadcast, KPMG says, in a report released this week, there is “a distinct absence of information detailing the risks and associated risk management practices.”
VoIP allows voice messages to be passed over networks like data. This exposes telephone networks to traditional network security threats such as viruses and DoS attacks, the white paper explains. Confidentiality and sound quality problems could both also arise once a VoIP system is installed.
Such security risks mean that companies must weigh the business advantages and strategic organisational goals afforded by the technology against the cost of keeping their phone networks secure.
“With voice and data now sharing the same medium, the risks associated with availability increase and require appropriate assessment by management,” wrote KPMG.
The decision to move to VoIP should be motivated by a company’s “business strategy and not technology imperatives,” the paper warns.
A recent survey by managed security service NetSec reported that only 6% of CIOs regard VoIP a dangerous security threat. Vulnerabilities in applications and use of wireless devices were regarded as greater cause for concern.