How to secure UC during a security incident response

South African businesses report around 110 cyber security incidents every month. It has become commonplace for local companies to find themselves the targets and victims of cyber breaches and more serious attacks. An important part of the recovery process is continuity; businesses need to be able to carry on with critical work during an incident.

This requires internal and external communications to remain intact. Many modern companies rely on cloud-based unified communications (UC) systems, but these require enterprise-grade security to keep them protected from cyber threats. This will allow employees to maintain comms and collaborate during an incident, as well as prevent hackers from listening in or intercepting messages.

End-to-end encryption is necessary but alone, it’s not enough. Enterprises also need to protect their metadata for phone and video calls. Ransomware attackers can use this metadata to prove to business leaders what information they have access to and what data they can expose if a ransom is not paid.

This makes it important for enterprises to secure their own UC systems and encrypt their data – it should not be left solely to cloud providers. So, if your company is hacked and your UC systems are penetrated, how do you secure communications to prevent hackers from listening in?

Steps to secure UC during a cyber attack

There are three essential components of enterprise-grade protection for UC, over and above end-to-end encryption. These include a zero-trust network, a directory authentication of identities and multi-factor authentication (MFA), which includes biometrics or location-based signatures.

Firstly, end-to-end encryption is always recommended and is pretty standard for UC systems. Every session must be encrypted with different keys for each channel. This means that if one channel is hacked, the other channels remain protected.

A zero-trust network assumes that no user or device can be trusted by default, even if they are inside the corporate network already. This type of network relies on authentication before any access to resources is granted. This means that employees are always vetted before being given access to UC systems.

The vetting process is done through the directory authentication of identities and an MFA process. It guarantees that only official employees have access to data, communications tools and sensitive company information. These security steps form a solid foundation to protect UC systems from hackers, but there are additional tools available.

Other ways to secure UC

All company devices should be managed closely by the IT department. All software downloads and subscriptions must be vetted and approved before being granted. This will also prevent spouses or children from downloading malware by accident when the device is taken home. It also prevents employees from downloading potentially harmful apps from the web.

Another way to secure UC is to use a proxy for each connected device. This helps to prevent data loss during an incident. Some companies also use audio watermarks for all voice calls, which allows their IT teams to trace which device was responsible for leaked data or information.

Next, security information and event management (SIEM) must be set up. This technology improves visibility across the whole business network, including all devices, applications, users and sensors. Through a centralised interface, SIEM analyses all security information and events in real-time. It allows IT teams to quickly investigate data breaches and log all events for analysis.

How secure is your UC platform?

There are many UC providers and platforms available, so enterprises need to scrutinise each one before making a decision on which to use. Apps like Microsoft Teams, Zoom and Google Meet all have security features in place, but there are still gaps through which hackers can exploit communications.

Companies should look beyond usability and additional features and investigate how UC platforms deal with data classification and security. Look into the infrastructure used by these service providers and what they do with your data and where it is ultimately stored.

You need to find a UC platform that offers both convenience and security, with more emphasis on the security side of things. Employees like easy-to-use communications tools, but ultimately, data security takes precedence. If you’re lost or feeling out of your depth, then consult with an expert communications service provider, like Seacom.

We offer various communications services to enterprises in South Africa through secure network infrastructure. We also offer a full suite of cyber security services to protect corporate networks and end devices from various threats. For more information about our communications services or to get a quote, email us at marketing@seacom.com or leave us a message.

Seacom owns Africa’s most extensive network of information and communications technology (ICT) infrastructure, including subsea cables and secure internet connections. We offer a diverse range of flexible, scalable and high-quality solutions for businesses that meet world-class standards for connectivity.

Seacom is privately owned and operated, making it agile and adaptable to the needs of the customer. This makes us the preferred ICT and internet connectivity partner for African businesses and peripheral service providers. We can guarantee high-speed, low-latency and secure internet connections to corporates and small enterprises.

For‌ ‌more‌ ‌information‌ ‌on‌ our internet and voice solutions, ‌follow‌ ‌us‌ ‌on‌ ‌‌LinkedIn‌,‌ ‌‌Facebook‌ ‌or‌ ‌‌Twitter.‌ ‌Keep‌ ‌an‌ ‌eye‌ ‌on‌ ‌our‌ ‌‌news‌ ‌section‌‌ ‌for‌ ‌insightful‌ ‌articles‌ and relevant news stories on African ICT, internet connectivity and our leading cloud and security solutions.