Chancellor Philip Hammond vows to tackle cyber criminals.

Philip Hammond, the Chancellor of the Exchequer, has used his keynote speech at Microsoft’s Future Decoded event to launch a new National Cyber Security Strategy and “strike back” against cyber criminals.

Whilst we applaud the Chancellor's approach and the government investment, I urge all small businesses to take responsibility for their own house and make it a "brick" one!

Part of this strategy can include making sure all types of access into your business are secure, and particularly at this time of year that includes your phone system. If your business is large enough to have its own phone system (PBX), please take the basic steps below to mitigate your phone hacking risk this Christmas.

During public holidays the industry sees an increase in PBX hacks. This is primarily because fraudsters attempt to take advantage of empty premises or reduced business operations, such as reduced internal spend and usage monitoring. The threat of hacks is too significant to be ignored.

TalkTalk Business recently commissioned research with Censuswide which indicates that over a quarter of businesses have fallen victim to a PBX hack in the last 5 years, with the average cost of the attack reaching over £12,000*, and the perpetrators are not always easy to catch!

To help you increase your PBX security and fight to prevent financial loss, check out these 11 top tips:

  1. Lock down international and premium rate access if this type of calling is not going to be required.
  2. Remove all default password settings on your PBX and ensure limited access to any maintenance ports. 
  3. Change passwords and access codes regularly and create longer passwords using both alpha and numeric. Avoid 000, 1234 and extension numbers.
  4. Consider limiting call types by extension - if a user has no requirement to ring international or premium rate numbers then bar access to them.
  5. Review any DISA (Direct Inwards System Access) settings and control or deactivate – this is typically used to allow employees to dial in from home to make outbound calls (usually high value call types – mobile and international in particular) via the company PBX.
  6. Secure the system physically - site it in a secure communications room and restrict access to that area. 
  7. Regularly review call usage - analyse billed calls by originating extension and identify irregular usage.
  8. Ensure you fully understand your system's functionality and capabilities and restrict access to those services which you do not use.
  9. Block access to unallocated mailboxes on the system and change the default PIN on unused mailboxes. 
  10. Be vigilant for evidence of hacking – not being able to obtain an outbound line is usually a good indicator of high volumes of traffic through your system. 
  11. Check for calls outside of business hours. Assess security of all PBX peripherals and applications: platform, operating system, password and permissions scheme. 
  12. Carefully evaluate the security of any on-board remote management utility (e.g. PC Anywhere).
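
The usage review in tips 7 and 11 can be scripted against a call detail record (CDR) export. The following is an added example, not part of the original article or any TalkTalk tooling: the CSV column names, the business hours, the holiday closure dates, the UK dialling prefixes (00 international, 09 premium rate) and every sample record are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import date, datetime

# Constructed sample CDR export; real PBX/billing exports use other columns.
SAMPLE_CDR = """start,extension,dialled,duration_s
2016-12-23 10:15:00,201,02079460001,180
2016-12-25 02:10:00,204,0088216000001,3400
2016-12-25 02:11:30,204,0088216000002,3550
2016-12-25 03:05:00,204,09011234567,1200
2016-12-26 14:00:00,202,01614960002,60
2016-12-28 11:30:00,203,0033140000000,300
"""

OPEN_HOUR, CLOSE_HOUR = 8, 18  # assumed business hours, Monday to Friday
CLOSED_DAYS = {date(2016, 12, 26), date(2016, 12, 27)}  # assumed holiday closure
HIGH_COST_PREFIXES = {"00": "international", "09": "premium"}  # assumed UK prefixes


def call_flags(start, dialled):
    """Return the reasons a single call deserves review (tips 1, 4 and 11)."""
    flags = []
    closed = start.weekday() >= 5 or start.date() in CLOSED_DAYS
    if closed or not OPEN_HOUR <= start.hour < CLOSE_HOUR:
        flags.append("out-of-hours")
    for prefix, label in HIGH_COST_PREFIXES.items():
        if dialled.startswith(prefix):
            flags.append(label)
    return flags


def review(cdr_text):
    """Total the flagged calls per originating extension (tip 7)."""
    report = defaultdict(lambda: {"calls": 0, "seconds": 0, "flags": set()})
    for row in csv.DictReader(io.StringIO(cdr_text)):
        start = datetime.strptime(row["start"], "%Y-%m-%d %H:%M:%S")
        flags = call_flags(start, row["dialled"].strip())
        if flags:
            entry = report[row["extension"]]
            entry["calls"] += 1
            entry["seconds"] += int(row["duration_s"])
            entry["flags"].update(flags)
    return dict(report)


if __name__ == "__main__":
    for ext, e in sorted(review(SAMPLE_CDR).items(), key=lambda kv: -kv[1]["seconds"]):
        print(ext, e["calls"], "calls,", e["seconds"], "s,", sorted(e["flags"]))
```

An extension that has been barred from international or premium rate calls under tips 1 and 4 should never appear in this report with those flags, so any such entry is worth checking against the PBX configuration.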

Lastly, I hope you have a great Christmas and prosperous New Year. Should you have any questions for our Fraud team, you can get in touch directly by contacting

*TalkTalk Business & Censuswide Next Generation Voice Survey (1,000 participants)