Improving Security

Security is always an important and complex issue. Read about our recommendations.

Martin avatar
Written by Martin
Updated over a week ago

CloudTalk is proud to provide a variety of security measures to protect your data. The following is a summary of our security recommendations you can use to make your account even more secure against the most common types of telecom fraud.

User Level:

  • System administrator

Security in Telecom Industries

What is toll fraud?

Toll fraud is the most common fraudulent scheme used in the telecom sector. The people who commit this type of attack will artificially generate a high volume of international calls on expensive numbers (routes). When calls are made to premium rate numbers, the fraudsters take a cut of that revenue. In the telecom industry, the total losses from toll fraud are estimated to be over 10 billion USD annually.

Protection From Toll Fraud and Hacking

The best prevention strategy is a combined approach of safety standards which limit accesses in a way that they are only accessible to the individuals who need them.

Even the best security policies are useless if they are not followed thoroughly and consistently, by every employee. For this reason, we recommend companies to provide their employees with security training to make sure best practices are uniformly followed.

Security Checklist

  1. Set strong passwords. Admin, agents, and other users should be required to use unique passwords from their CloudTalk account. This reduces the risk of an attacker gaining access to multiple accounts with the same compromised password.

    1. Make it long. Long passwords are harder for attackers to brute force.

    2. Use alpha and numeric characters (and special characters if allowed). Just make sure you remember it—a password manager can help with this.

  2. Keep admin users to a minimum. Admins have such privileges as managing security features, agents, and other account functions with a large company impact. Admin users should be trustworthy, vetted employees who understand the weight of this responsibility. Reduce security risk by being selective with the number of admins on your account.

  3. Never disclose login information. User names, emails, or passwords should never be given out to clients or other parties, nor should they be shared across teams or among employees when avoidable.

    1. Password reset—the secure way to reset your CloudTalk password is to click Forgot my password on the login page.

    2. Social engineering is a popular method hackers use to get your login data. When in doubt, never provide sensitive information over email or phone calls that were not initiated by you. Do not make changes in someone else's name. Educate your employees to be aware of common tactics:

      1. Claims that there has been a security breach, in which your password is needed to solve the issue

      2. Emails from people who claim to be admins or account users

      3. Suspicious messages coming at times of the day when fewer agents are working

  4. Only allow calling within countries you actively work with. Many telecom attacks consist of the attacker getting control over your account and calling expensive international phone numbers. By restricting calling to only countries that you actually need to work with, you can avoid these kinds of scams.

    1. Block international calls which aren't relevant to you from the dashboard: Account > Settings > International calls.

    2. Know the top 10 countries for telecom fraud:

      • Cuba

      • Latvia

      • Somalia

      • Lithuania

      • Guinea

      • Gambia

      • Maldives

      • Estonia

      • Zimbabwe

      • Tunisia

  5. Compile a blocklist. Systematically block inbound calls from spammers by adding them to your blacklist.

    1. Do spam numbers keep changing? We have a call flow that can filter those out.

  6. Keep API calls secure. All data sent via CloudTalk REST API are encrypted (TLS/SSL). Access to API is restricted only to authorized users with login and security API tokens.

    1. Never share your API key with unauthorized persons, and make sure to store your API key only where necessary.

    2. Don't store your API key within Git or other repositories.

  7. Keep track of staff activity through our Monitoring page. CloudTalk provides a monitor log to track the actions of users on your account. You can view the action, agent who completed the action, details, and the date and time the action took place.

    1. Admin can check audit their account activity on the dashboard, under Account > Actions History.

If you need further assistance or have any questions or doubts regarding the security of your account, contact our Support team. We are always here to help you!

Related Reading

Did this answer your question?