How We Protect Our Customers from Cyberattacks + Best Practices on Staying Safe

cyberattacks - best practices - blurred people in background behind 3 different phones and business card

At Carolina Digital Phone, we take the safety of our customers VERY seriously. That is why we implement the following cybersecurity measures to protect our customers from cyberattacks:

  • Our hosted cloud phone system runs on private and highly secure LAN data networks. These networks are protected by end-to-end encryption mechanisms. Including Transport Layer Security/TLS, Secure RTP for transmitting media, robust password protection for managed routers, and secure web-based dashboard access. In addition, our servers do NOT connect to the public Internet. 
  • Our expert team continuously installs and configures security patches and updates.
  • We conduct 24/7 monitoring to proactively detect unusual or suspicious activity. 
  • Our fax server is HIPPA compliant, and does not store any fax information locally.
  • We deploy a comprehensive Telecommunications Fraud Management System that conforms to STIR/SHAKEN standards.

In addition to the above, we strongly encourage our customers to adopt the following cybersecurity best practices:

1 – Use Strong, Unique Passwords

Everyone on the roster — including contractors, consultants, and anyone else who has access to apps and networks — should be required to use strong, unique passwords. To prevent cyberattacks, passwords should follow these guidelines:

  • At least 10 characters long.
  • Use a mix of letters, numbers and symbols.
  • And in any way do not reveal traits pertaining to the user. E.g. no favorite sports teams, pet names, or other easily guessed words).

Here are some suggestions for creating strong passwords from Total Computer Solutions. Because remembering strong passwords can be a burden, we suggest using a credible password management tool. Such as LastPass, Keeper, 1Password, etc. This article highlights some of the best options available.  

2 – Use Multi-Factor Authentication (MFA)

A useful method in thwarting cyberattacks uses Multi-Factor Authentication or MFA. MFA requires users to add a secondary piece of information to access various accounts. This can be:

  • Something they know, such as a PIN.
  • Something they have, such as a smartphone.
  • Or something they are, such as their fingerprint.

Currently, the most common form of MFA is using smartphones. For example, in order to access an account users must enter a one-time password (OTP). Or code that they receive through a text message or app such as Google Authenticator. 

3 – Audit accounts and deprovision departing users.

Many organizations have an inventory of zombie accounts. These are accounts that were used by employees who left the company weeks, months, or sometimes even years ago. What’s more, sometimes these are associated with privileged accounts. Which means cyberattacks could give hackers access to a wide range of confidential and proprietary information. Organizations should conduct an account audit to ensure that no zombie accounts exist, and put processes in place to properly deprovision departing users (i.e. remove their account access).

4 – Implement the Principle of Least Privilege (POLP)

POLP ensures that users only have as much access as they need to carry out their daily tasks. Nothing less, and nothing more. POLP can be implemented across one or multiple factors, such as:

  • Role (e.g. project managers, resource managers, etc.)
  • Seniority (e.g. supervisors, managers, executives, etc.)
  • Business Unit (e.g. development, marketing, HR, etc.)
  • Location (e.g. head office, field offices, etc.)
  • Time (e.g. office hours, after office hours, etc.)

5 – Help users improve their cybersecurity hygiene to prevent cyberattacks.

Phishing, vishing, smishing — cyber scams are everywhere these days. The FBI has information on the different types of methods hackers use to get information. And while some attempts are laughably amateur (and usually end up in SPAM folders), others are surprisingly professional and polished. For example, many otherwise astute and skeptical users have fallen victim to clicking links that claim to be from a legitimate company like Microsoft, Apple, or Google, but is really from hackers. There are some free online courses available that help users improve their security hygiene — click here for a list.

The Bottom Line

The cyberthreat landscape is getting worse! The average cost of a data breach in the U.S. climbing to $8.19 million per incident. That is why we relentlessly work to keep our customers safe and out of harm’s way. And will continue making this a top priority.