1300 020 402
Contact Us

Why Your Business Phone System is a Security Risk.

Home Why Your Business Phone System is a Security Risk.
Latest News

Why Your Business Phone System is a Security Risk.

Guest author: Anthony Luca, APJ Cisco Collaboration Specialist

We all know that cyber security is becoming more problematic, every year we hear of another high profile attack on a large organisation, Medibank and Optus are just two recent attacks.

What we don’t hear about is that 43% of cyber attacks target SMBs (https://cyberwardens.com.au/wp-content/uploads/2024/03/Research-Report-Building-a-culture-of-cyber-safety-in-Australian-small-businesses.pdf) with the average cost of cybercrime to each business being $46k (https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/small-business-cyber-security).

With the shift to cloud based business services (think email, CRM and accounting systems), we get the benefit of always up-to-date, accessible from anywhere access to critical business systems. But we also get the benefit of outsourcing the security risk of those systems to the company who builds and runs those systems, no longer having to hold the risk ourselves.

One service that has been slow to move to the cloud is the traditional phone system. Today more than ever, it poses an additional security risk to your business. The three main risks are:

  • Risk of toll-fraud. This is where an attacker compromises your phone system to generate very expensive international calls. Check your contract, because you as the small business owner are liable for these charges (https://smb.optus.com.au/opfiles/Business/PDFs/PBX_Fraud_Awareness_Guide.pdf). There are a number of ways in which a phone system can be compromised, including through the voicemail number, through a phone that doesn’t have any protection, or through the Phone System itself. Once an attacker has the right access, they can then initiate a number of international calls to expensive destinations, and you will be liable for those charges. Charges of $10,000+ are not uncommon!
  • Risk of compromise. Attackers look for any weak system in your network to initiate their attack. Modern phone systems are connected to the internet for connectivity and for remote access for management purposes. If your Phone System isn’t secured adequately, it could be the system that allows attackers to access your entire network! To ensure the Phone System isn’t compromised, it needs to be protected using well a configured firewall, as well as strong passwords, and two-factor authentication. It also needs to be patched frequently, especially with any security patches. So is your phone system being patched frequently? Is your Phone System vendor keeping up to date with security patches?
  • Secure Credit Card Payments. Does your business take credit card payments over the phone? If so, you are likely not PCI-DSS compliant. PCI-DSS stands for Payment Card Industry Data Security Standard and applies to any entity that stores, processes and/or transmits cardholder data, including those businesses that take payment over the phone. The standard is quite onerous, so having a Phone System that ensures you can still process credit card payment, but not capturing any cardholder data allows you to meet your PCI-DSS requirements whilst still taking payments over the phone!
  • Unfortunately, the responsibility is on you, the SMB owner. Has your Phone System supplier setup your network and Phone System using best practices (https://www.ncsc.gov.uk/pdfs/guidance/private-branch-exchange-best-practice.pdf)? Have you had a 3rd party security expert verify your phone systems security? These are not easy questions to answer for any business, let alone for a small business.

Unfortunately, the responsibility is on you, the SMB owner. Has your Phone System supplier setup your network and Phone System using best practices (https://www.ncsc.gov.uk/pdfs/guidance/private-branch-exchange-best-practice.pdf)? Have you had a 3rd party security expert verify your phone systems security? These are not easy questions to answer for any business, let alone for a small business.

When choosing a Cloud based phone system, you need to answer two questions

  1. Does my Cloud based Phone System deliver the features I need?
  2. Can I trust the Phone System Vendor to secure their Phone System effectively?

Here at Cisco, we are one of the largest security suppliers in the industry, and all of our products, including our Webex Cloud Phone System, has security built in from the ground up. Talk to your Nexgen representative to learn more about how our Webex Platform not only can give you a better Phone System experience, but a much more secure one too.

Ready to revolutionize your communication and save up to 70% on your calls?

Upgrade to the latest small business phone system technology today and get started with a free quote below!

Start Your Free Demo
Upgrade To The Latest Small Business Phone System Technology And Save Up To 70% Off Your Calls​

Start Your Free Demo Below

Step 1 of 6

How Many Handsets Do You Need?(Required)
It only takes a minute

Terms Of Use

Your access to the Nexgen website at https://www.nexgen.com.au is your acceptance of these Terms and Conditions and your access and use of the website is subject to these Terms and Conditions. If you do not accept these Terms and Conditions, you must refrain from using the Website. In these Terms and Conditions, capitalised words have special meanings. These special meanings are set out in the “General” section of this document.

Disclaimer of Liability – General Disclaimer

We are not liable to you or anyone else for any Loss in connection with use of this Website or a Linked Website or the failure to provide this Website.

This general disclaimer is not restricted or modified by any of the following specific warnings and disclaimers.

Disclaimer of Liability – Specific Warnings and Disclaimers

We are not liable to you or anyone else if interference with or damage to your computer systems occurs in connection with use of this Website or a Linked Website. You must take your own precautions to ensure that whatever you select for your use from this Website is free of viruses or anything else (such as worms or trojan horses) that may interfere with or damage the operations of your computer systems.

We may, from time to time, change or add to this Website (including these Terms and Conditions and privacy policy) or information, products or services without notice and your continued use of the Website will constitute acceptance of the variation. However, we do not undertake to keep this Website or these Terms and Conditions updated. We are not liable to you or anyone else if errors occur in the information on this Website or if that information is not up-to-date.

To the extent permitted by applicable law, all representations, warranties and other terms are excluded. You must ensure that your access to this Website is not illegal or prohibited by laws which apply to you or in your location.

To the extent permitted by applicable law, our liability for negligence, breach of contract or contravention of any law as a result of our failure to provide the Website, is limited to providing access to the Website.

You may not use the Website to collect or harvest Personal Information, including Internet addresses, about other users. You must comply with our Acceptable Use Policy available on the Website.

You must abide by any Terms and Conditions posted on the Website. You indemnify us from and against all actions, claims, suits, demands, liabilities, costs or expenses arising out of, or in any way connected to, the use of the Website by you.

Charges

You are responsible for the costs of all Internet access and telecommunications charges incurred when using the Website and accept that your use of the Website is your responsibility and is at your own risk entirely.

Nexgen operates secure servers to minimise the risk of unauthorised use of credit card information but unauthorised credit card use is at your risk.

Copyright

This Website, including without limitation, documents, information, programs and designs is our copyright property.

You are provided with access to it only for your personal and non-commercial use.

Other than for the purposes of and subject to the conditions prescribed under the Copyright Act 1968 (Commonwealth of Australia) and similar statutes that apply in your location, you may not, in any form or by any means:

1. adapt, reproduce, store, distribute, transmit, print, display, perform, publish or create derivative works from any part of this Website; or

2. commercialise any information, products or services obtained from any part of this Website, without our written permission.

Google Online Advertising

Nexgen use the Google AdWords Remarketing service which advertises across the internet to previous visitors to our website.

Google AdWords Remarketing displays relevant advertising content based on which sections of the Nexgen website you have visited. This is done by placing a cookie on your machine. A cookie is a small file sent to your browser from a web server to be stored on your computer. Cookies do not allow access to your computer or any data / files contained in your computer. It will not identify you in any way. Google Adwords Remarketing allow us to tailor our advertising and marketing content so it is relevant and suits your needs.

Any data collected as part of our use of Google Adwords Remarketing will be in accordance with Arrow’s privacy policy and Google’s privacy policy.

If you do not wish to be a part of our Google AdWords Remarketing, you can opt out by visiting Google Ads Preference Manager:

https://www.google.com/settings/ads

Then go to the “opt-out settings” where you can opt out of all interest based ads on Google and across the web.

Trade Marks

Intellectual Property in all materials, documents, information, data, images, logos and trade marks that we provide you or which are contained on the Website are owned or licensed to us and all rights are reserved.

Other product and company names mentioned in this Website may be the trade marks of other people or entities.

If you use any of our trade marks to refer to our activities, products or services, you must include a statement attributing that trade mark to us. You must not use any of our trade marks:

Linked Websites

This Website may contain links to Linked Websites. Those links are provided for convenience only and may not remain current or be maintained. We do not make any representation as to the accuracy or sustainability of any of the information contained on those other sites, and do not accept any responsibility or liability for the conduct or content of those other sites.

Links to those Linked Websites should not be construed as any endorsement, approval, recommendation, or preference by us of the owners or operators of the Sites, or for any information, products or services referred to on those Other Websites.

Unless stated otherwise on this Website, we have:

1. no relationship with the owners or operators of those Linked Websites; and

2. no control over or rights in those Linked Websites.

Personal Information

When transacting with you we may ask you for personal details such as your name, address and email address so that we can accurately identify who is using our services. By accessing the Website you consent to us sending you commercial electronic messages. If you do not want us to send you commercial electronic messages you may ask us not to by sending a blank email to [email protected]

Cookies

“Cookies” are a standard for storing small pieces of data on a web client (ie. the web browser on your computer). Any Web server (including this one) may:

1. store one or more cookies in your browser; or

2. request your browser to transmit the data to the Web server.

This Website may store cookies on your Web client in order to better serve you upon your subsequent visits to this Website.

By using cookies, Websites can track information about visitors’ usage of the site, provide customised content, or even the use of password protection. Note that some browsers can be configured to allow cookies to be accessed by servers other than the originating server.

Please note that most Web browsers can also be configured to notify the user when a cookie is received, allowing you to either accept or reject it. Please refer to the documentation and help screens for your web browser.

Security of Information

Unfortunately, no data transmission over the Internet can be guaranteed as totally secure. Whilst we strive to protect such information, we do not warrant and cannot ensure the security of any information or content which you transmit to us. Accordingly, any information which you transmit to us is transmitted at your own risk. Nevertheless, once we receive your transmission, we will take reasonable steps to preserve the security of such information.

Termination of Access

Access to this Website may be terminated at any time by us without notice. Our disclaimer will nevertheless survive any such termination.

General

In these Terms and Conditions:

1. “Intellectual Property” means any and all intellectual and industrial property rights throughout the world including but not limited to any copyright, trade mark, domain name, business name, design, patent, circuit layout, semi-conductor or other similar proprietary rights and licenses and sub-licenses of such rights (irrespective of whether or not such rights are registered, or formal or informal); trade secrets, technical or non-technical data, knowledge, information or documentation; secret or confidential operations or information; business systems, business methods or business plans (whether registered, formal, informal or otherwise); customer lists, supplier lists and other proprietary lists, names, addresses or information not generally known; techniques, diagrams, data, proofs, prints, particulars, inventions and prototypes.

2. “Linked Websites” means Websites of people other than NexGen which are hyperlinked from this Website.

3. “Loss” means any loss or damage, however caused (including through negligence) which may be directly or indirectly suffered.

4. “Personal Information” means any information from which your identity is apparent or can be reasonably ascertained as defined in the Privacy Act 1988 (Cth).

5. This “Website” means the whole or any part of the web pages located at https://www.nexgen.com.au (including the layout of this Website; individual elements of the Website design; underlying code elements of this Website; or text, sounds, graphics, animated elements or any other content of this Website).

6. “We” and “us” refer to Nexgen Australia Group Pty Ltd trading Nexgen Australiaas and “our” has a similar meaning.

These Terms and Conditions are governed by the laws in force in New South Wales, Australia and you submit to the non-exclusive jurisdiction of the courts of New South Wales, Australia and any courts which may hear appeals from those courts in respect of any proceedings in connection with these Terms and Conditions or this Website.

Nothing contained in these Terms and Conditions derogates from Nexgen’s right to comply with law enforcement requests or requirements relating to your use of this Website or information provided to or gathered by Nexgen with respect to that use.

Nexgen Master Security License Certificate Number is 410 295 251, ID Number 108 216 452 Nexgen is a member of ASIAL.

Privacy Policy

  • 1. About this Document
    • 1.1 This document (“Privacy Policy”) sets out the policy of Nexgen Investment Group Pty Ltd Trading As Nexgen Australia – ABN 88 606 251 503 in respect of the treatment of your Personal Information or your affairs or personal particulars.
  • 2. Interaction with Telecommunications Act 1997 (Cth)
    • 2.1 Nexgen is a Carriage Service Provider and is subject to obligations set out in the Telecommunications Act 1997 (Cth)
    • 2.2 To the extent that any of your Personal Information is also information of the kind referred to section 276 of the Telecommunications Act 1997 (Cth) (in particular, information that relates to your affairs or personal particulars) Nexgen will not use or disclose that information unless permitted by the Telecommunications Act 1997 (Cth) and the Privacy Act 1988 (Cth).
  • 3. Dictionary
    • 3.1 To assist in the understanding of this Privacy Policy, the following capitalized words in this Privacy Policy have the following meanings:
      Carriage Services has the meaning given to that term in the Telecommunications Act 1997 (Cth).
      Carriage Service Provider has the meaning given to that term in the Telecommunications Act 1997 (Cth).
      Personal Information has the meaning given to that term in the Privacy Act 1988 (Cth).
      Related Body Corporate has the meaning given to that term in the Privacy Act 1988 (Cth).
      Sensitive Information has the meaning given to that term in the Privacy Act 1988 (Cth).
      and includes information as to race, political opinion, religious believes, sexual preferences and membership of a professional or trade association.
  • 4. Collection
    • 4.1 1 Nexgen will collect Personal Information from you if that Personal Information is necessary for one or more of Nexgen’s functions or activities.
    • 4.2 Personal Information is predominantly collected so that Nexgen can supply Carriage Services to you (or contact you in respect of a proposed supply of Carriage Services) and perform ancillary and incidental functions. This includes:
      • customer service;
      • complaints handling;
      • billing; and
      • promoting our special offers as well as offers from our Related Bodies Corporate, suppliers and/or affiliated third parties.
    • 4.3 Nexgen may collect Personal Information using several different methods. For example, Personal Information may be collected by Nexgen:
      • directly from you by telephone, email or by completing a form (e.g. Nexgen may be provided with Personal Information on a customer application form, during contractual negotiations, during voice verification etc.); or
      • from third parties such as our Related Bodies Corporate, credit reporting agencies or your representatives; or
      • from information in the public domain – however if it is reasonable and practicable to do so, we will only collected Personal Information about you directly from you.
    • 4.4 Nexgen will take reasonable steps to ensure that you are aware at the time of collection (if practicable):
      • that Nexgen is collecting the Personal Information and as to how to contact Nexgen (if this is not obvious to you);
      • that you may gain access to the Personal Information (see paragraph 9 below);
      • the purpose for which the Personal Information is collected (this may be referring you to this Privacy Policy); done by
      • of the organisations (or types of organisations) to which Nexgen usually discloses Personal Information (this may be done by referring you to this Privacy Policy);
      • of any law that requires the Personal Information to be collected (for example, for compliance with the laws relating to the Integrated Public Number Database); and
      • of the consequences (if any) of Nexgen not collecting the Personal Information (typically, this will be an inability to supply Carriage Services to you).
    • 4.5 If it is not practicable for Nexgen to take reasonable steps to ma e you aware of the matters set out in paragraph 4.4 at the time of collection, Nexgen will do so as soon as practicable after collection.
  • 5. Use and Disclosure
    • 5.1 Nexgen will generally only use Personal Information for the primary purpose for which it was collected (for example, Personal Information set out in a customer application form is collected for Nexgen). the primary purpose of facilitating the supply of Carriage Services by
    • 5.2 However, Nexgen may use or disclose Personal Information for a secondary purpose in the following circumstances:
      Reasonable Expectation
    • 5.3 Nexgen may use or disclose Personal Information for a secondary purpose if:
      • the secondary purpose is related to (or if the Personal Information is Information, directly related to) the primary purpose of collection; and Sensitive
      • you would reasonably expect Nexgen use or disclose the Personal Information for that purpose.
    • 5.4 For example, Nexgen considers that if you are a customer, you would reasonably expect Nexgen to disclose or use your Personal Information to:
      • its printing and mailing house to print and dispatch correspondence and communications to you or
      • notify the customer of special offers or promotions from Nexgen, its Related Bodies Corporate, suppliers and/or affiliated third parties; or
      • ask you to participate in a customer satisfaction survey; or
      • to its dealers, sub-contractors and agents to enable them to perform certain functions on behalf of Nexgen.
  • Consent
    • 5.5 5 Nexgen may use or disclose Personal Information for a secondary purpose if you provide your express consent or consent can be implied.
    • 5.6 Nexgen may seek your consent on an application form for services, during the voice contracting stage of your application or in some other way.
  • Direct Marketing
    • 5.7 Nexgen may use or disclose Personal Information for the secondary purpose of direct marketing.
    • 5.8 Unless paragraphs 5.3 to 5.6 allow Nexgen to otherwise use Personal Information for direct marketing, Nexgen will only use Personal Information for direct marketing to you if:
      • it is not Sensitive Information;
      • it is impracticable for Nexgen to seek your consent before that particular use;
      • Nexgen will not charge you for giving effect to a request by you to not receive direct marketing communications;
      • you have not made a request to Nexgen not to receive direct marketing communications;
      • in each direct marketing communication with you, Nexgen draws to your attention, or prominently displays a notice, that you may express a wish not to receive any further direct marketing communications; and
      • each written direct marketing communication by Nexgen with you sets out Nexgen’s business address and telephone number and, if the communication is made by fax, telex or other electronic means, a number or address at which Nexgen can be directly contacted electronically.
    • 5.9 To avoid doubt, Nexgen will also comply with the Spam Act 2001 (Cth) and Do Not Call Register Act 2006 (Cth) in circumstances of direct marketing to you.
  • Life, Health and Safety
    • 5.10 Nexgen may use or disclose Personal Information if Nexgen reasonably believes that it is necessary to lessen or prevent:
      • a serious and imminent threat to an individual’s life, health or safety; or
      • a serious threat to public health or public safety.
  • Unlawful Activity
    • 5.11 Nexgen may use or disclose Personal Information if Nexgen has reason to suspect that unlawful activity has been, is being, or may be engaged in. However, Nexgen’s use or disclosure will be limited to that which is a necessary part of Nexgen’s investigation into the matter or in reporting Nexgen’s concerns to relevant persons or authorities.
  • Permitted by Law
    • 5.12 Nexgen may use or disclose Personal Information if Nexgen is permitted by law to do so. For example, Nexgen may disclose your Personal Information pursuant to:
      • a law enforcement request;
      • ccourt order or subpoena; or
      • its interception obligations.
  • Disclosure to Enforcement Body
    • 5.13 Nexgen may use or disclose Personal Information if Nexgen is permitted by law to do so. For example, Nexgen may disclose your Personal Information pursuant to an enforcement body (for example, the Australian Federal Police, ASIC, ACCC, police force etc.) if Nexgen believes that it is reasonably necessary for:
      • the prevention, detection, investigation, prosecution or punishment of criminal offences, breaches of a law imposing a penalty or sanction or breaches of a prescribed law;
      • the enforcement of laws relating to the confiscation of the proceeds of crime;
      • the protection of the public revenue;
      • the prevention, detection, investigation or remedying of seriously improper conduct or prescribed conduct; or
      • the preparation for, or conduct of, proceedings before any court or tribunal, or implementation of the orders of a court or tribunal.
  • 6. Data Quality
    • 6.1 Nexgen will review, on a regular and ongoing basis, its collection and storage practices to ascertain how improvements to accuracy can be achieved.
    • 6.2 Nexgen will also take reasonable steps to make sure that the Personal Information collected, used or disclosed is accurate, complete and current.
  • 7. Data Security
    • 7.1 Nexgen will take reasonable steps to protect the Personal Information it holds from misuse and loss and from unauthorised access, modification or disclosure. It will generally do so by:
      • restricting or limiting the access to Personal Information to those of its employees, agents or contractors who have a ‘need to know’;
      • removing access from employees, agents or contractors who no longer work for or with Nexgen or no longer have a ‘need to know’;
      • reviewing and resetting passwords which provide access to Personal Information with reasonable frequency; and
      • implement enhanced security access features to prevent unauthorised access, use or disclosure.
    • 7.2 Nexgen will take reasonable steps to destroy or permanently de-identify Personal Information if it is no longer needed for any purpose for which the Personal Information may be used or disclosed.
  • 8. Openness
    • 8.1 The Nexgen website will contain a prominently displayed link to this Privacy Statement.
    • 8.2 Nexgen will refer any person to this Privacy Statement if that person requests information on Nexgen’s policy on the management of Personal Information.
    • 8.3 On request by a person, Nexgen will take reasonable steps to let the person know, in general terms, what sort of Personal Information is held and the reasons for which that Personal Information is generally collected. Nexgen will also provide information, in general terms, in respect of how Nexgen holds, uses and discloses that Personal Information.
  • 9. Access and Correction
    • 9.1 1 If Nexgen holds your Personal Information, Nexgen will provide you with access on request to that Personal Information, in particular, so that you can verify the Personal Information is accurate, complete and current. If the Personal Information is not accurate, complete or current, Nexgen will take reasonable steps to remedy the inaccurate, incomplete or outdated Personal Information.
    • 9.2 However, Nexgen will not provide you with access to the extent that:
      • providing access would pose a serious and imminent threat to the life or health of any person; or
      • providing access would have an unreasonable impact upon the privacy of any other person; or
      • the request for access is frivolous or vexatious; or
      • the Personal Information relates to existing or anticipated legal proceedings between Nexgen and yourself, and the Personal Information would not be accessible by the process of discovery in those proceedings; or
      • providing access would reveal Nexgen’s intentions in relation to negotiations with you in such a way as to prejudice those negotiations; or
      • providing access would be unlawful; or
      • denying access is required or authorised by or under law; or
      • providing access activity; or would be likely to prejudice an investigation of possible unlawful
      • providing access would be likely to prejudice:
        • the prevention, detection, investigation, prosecution or punishment of criminal offences, breaches of a law imposing a penalty or sanction or breaches of a prescribed law; or
        • the enforcement of laws relating to the confiscation of the proceeds of crime; or a prescribed law; or
        • the protection of the public revenue; or
        • the prevention, detection, investigation or remedying of seriously improper conduct or prescribed conduct; or
        • the preparation for, or conduct of, proceedings before any court or tribunal, or implementation of its orders; by or on behalf of an enforcement body; or
      • an enforcement body performing a lawful security function asks Nexgen not to provide access to the information on the basis that providing access would be likely to cause damage to the security of Australia.
    • 9.3 Additionally, if providing access would reveal evaluative information generated within Nexgen in connection with a commercially sensitive decision-making process, Nexgen may give you an explanation for the commercially sensitive decision rather than direct access to the information.
    • 9.4 Nexgen reserves the right to charge a fee for searching for and providing access to your Personal Information (except if any other law prohibits Nexgen from charging a fee). In any event,
  • 10. Anonymous Transactions
    • 10.1 Nexgen will allow its customers to transact with it anonymously wherever that is reasonable and practicable.
  • 11. Transferring Personal Information Overseas11.1 Nexgen may transfer Personal Information outside of Australia where Nexgen considers that it is necessary or desirable to do so. However, Nexgen will not transfer your Personal Information outside of Australia unless any of the following circumstances exist:
    • Nexgen reasonably believes that the recipient of the Personal Information is subject to a law, binding scheme or contract which effectively upholds principles for fair handling of the information that are substantially similar to the National Privacy Principles contained in the Privacy Act 1988 (Cth); or
    • you consent to the transfer; or
    • the transfer is necessary for the performance of a contract between Nexgen and yourself, or for the implementation of pre-contractual measures taken in response to the your request; or
    • the transfer is necessary for the conclusion or performance of a contract concluded in your interest between the Nexgen and a third party; or
    • all of the following apply:
      • the transfer is for your benefit;
      • it is impracticable to obtain your consent to that transfer;
      • if it were practicable to obtain your consent, you would be likely to give it; or
    • Nexgen has taken reasonable steps to ensure that the information which it has transferred will not be held, used or disclosed by the recipient of the information inconsistently with the National Privacy Principles contained in the Privacy Act 1988 (Cth).