Any holiday period can be a prosperous time for businesses, but also for fraudsters. We see a vast increase in toll fraud during any period where offices are known to be closed for extended periods.

The threat of hacks is too significant to be ignored. TalkTalk Business recently commissioned research with Censuswide which indicates that over a quarter of businesses have fallen victim to a PBX hack in the last 5 years, with the average cost of the attack reaching over £12,000.

While completing all your final preparations for the Yuletide, please take some time to make sure any PBXs that you manage are as secure as they can be by running through the FCS’s Security Check List.

To get on the front foot in the fight to prevent financial loss, these are our 11 top tips:

1) Lock down international and premium rate access if this type of calling is not going to be required.

2) Remove all default password settings when deploying the PBX and limit access to any maintenance ports.

3) Change passwords and access codes regularly and create longer passwords using both alphabetic and numeric characters. Avoid 000, 1234 and extension numbers.

4) Consider limiting call types by extension – if a user has no requirement to call international or premium rate numbers then bar access to them.

5) Review any DISA (Direct Inwards System Access) settings and control or deactivate – this is typically used to allow employees to dial in from home to make outbound calls (usually high-value call types – mobile and international in particular) via the company PBX.

6) Secure the system physically – site it in a secure communications room and restrict access to that area.

7) Regularly review call usage – analyse billed calls by originating extension and identify irregular usage.

8) Ensure you fully understand your system’s functionality and capabilities and restrict access to those services which you do not use.

9) Block access to unallocated mailboxes on the system and change the default PIN on unused mailboxes.

10) Be vigilant for evidence of hacking – not being able to obtain an outbound line is usually a good indicator of high volumes of traffic through your system. Check for calls outside of business hours.

11) Assess security of all PBX peripherals and applications: platform, operating system, password and permissions scheme. Carefully evaluate the security of any onboard remote management utility (e.g. PC Anywhere).

Remember, there’s often more than one admin account with a default password that can compromise a PBX.
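Tips 7 and 10 can be partly automated. The sketch below is an added example, not part of the FCS check list or any vendor tool: it reviews call records by originating extension and flags international or premium rate calls and calls made while the office is closed. The CSV column names, the UK prefixes (00 and 09), the opening hours and the closure dates are all assumptions to adapt to your own billing export.

```python
import csv
import io
from collections import defaultdict
from datetime import date, datetime

# Constructed sample call records (not real billing data).
SAMPLE_CDR = """start,extension,dialled,duration_sec
2023-12-22T10:15:00,201,02079460000,180
2023-12-22T16:40:00,203,00990000000001,600
2023-12-25T02:10:00,207,00990000000002,3400
2023-12-25T02:12:00,207,00990000000003,3550
2023-12-25T03:05:00,207,09098790000,2900
2023-12-26T11:30:00,210,02079460001,60
"""

# Assumptions: UK dial plan (00 = international, 09 = premium rate),
# office open Monday to Friday 08:00-18:00, closed on the dates listed.
HIGH_RISK_PREFIXES = ("00", "09")
OPEN_HOUR, CLOSE_HOUR = 8, 18
CLOSED_DATES = {date(2023, 12, 25), date(2023, 12, 26)}


def out_of_hours(ts):
    """True when the call started at a weekend, on a closure date or outside opening hours."""
    return (ts.weekday() >= 5 or ts.date() in CLOSED_DATES
            or not OPEN_HOUR <= ts.hour < CLOSE_HOUR)


def review_calls(cdr_text):
    """Return per-extension totals for calls that warrant a manual review."""
    report = defaultdict(lambda: {"high_risk": 0, "out_of_hours": 0,
                                  "high_risk_out_of_hours": 0, "seconds": 0})
    for row in csv.DictReader(io.StringIO(cdr_text)):
        risky = row["dialled"].startswith(HIGH_RISK_PREFIXES)
        late = out_of_hours(datetime.fromisoformat(row["start"]))
        if not (risky or late):
            continue  # ordinary call during opening hours
        entry = report[row["extension"]]
        entry["high_risk"] += risky
        entry["out_of_hours"] += late
        entry["high_risk_out_of_hours"] += risky and late
        entry["seconds"] += int(row["duration_sec"])
    return dict(report)


if __name__ == "__main__":
    flagged = review_calls(SAMPLE_CDR)
    # Extensions with the most high-risk calls made while closed come first.
    for ext in sorted(flagged, key=lambda e: -flagged[e]["high_risk_out_of_hours"]):
        print(ext, flagged[ext])
```

An extension with several long high-risk calls during a closure, such as 207 in the sample, is the pattern to investigate first.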

If you have any concerns or have any questions please do not hesitate to contact us on 0844 856 3301 or email


