Key takeaways

  • A VoIP provider with built-in Transport Layer Security (TLS) and Secure Real-time Transport Protocol (SRTP) is a must-have for protecting business data.
  • Any business that routinely uses emergency services and is considering a VoIP solution must consider a hybrid VoIP solution, which allows traditional landlines to remain active in the office.

Any communication technology that uses an internet connection is susceptible to a cyberattack, and a hosted voice-over-internet-protocol (VoIP) system is as vulnerable as any IT device that uses the internet to conduct business. 

This article reviews a hosted VoIP system, how a hosted VoIP operates, and what security and encryption resources are available to protect a hosted VoIP system conducting business over the internet. Before diving into VoIP security, it’s crucial to fully understand the chain a call goes through before connecting on the other end.

Review of a hosted VoIP system

A hosted VoIP system uses VoIP software to establish an internet connection to communicate with VoIP and traditional landline phones. A hosted VoIP system does not require any on-premises phone equipment other than a VoIP phone and a modem to convert analog signals to digital signals for any remaining traditional phones still used in an office. A VoIP system offers several advantages over traditional landline phones besides cost savings.

Are there other types of VoIP services?

Other types of VoIP services are available. Each is designed to meet a specific requirement.

In-house VoIP system

An in-house VoIP system is maintained and supported by the business using the VoIP services, including absorbing the operational cost. A hosted VoIP system is a cloud-based service that a service provider supports and maintains. In-house VoIP systems lower calling costs versus traditional calling rates, but operational costs are still a factor. 

Hybrid VoIP systems

Hybrid VoIP systems are supported by the business, like an in-house VoIP system. Hybrid VoIP solutions can be used when internet connectivity is not consistently stable, allowing companies to use traditional landlines when internet connectivity is suspect.

An in-house or hybrid VoIP solution is used when companies want complete cybersecurity control over business proprietary information.

How does a hosted VoIP system work?

VoIP outgoing calls in an office go through the router to access the internet. The VoIP call may go through several routers and switches before it reaches the VoIP services provider’s equipment. The service provider’s equipment forwards the digital data to the intended VoIP phone that converts the digital data back to an analog signal so the caller and callee can converse.

VoIP phones are digital devices, so the digital data must pass through a digital-to-analog converter before two people on two VoIP phones can communicate.

What are the vulnerabilities, threats, and risks associated with a hosted VoIP system?

A hosted VoIP system and all its components are just as vulnerable as any other digital device that uses the internet. 

Some vulnerabilities and risks are specific to VoIP systems, while other cyber threats affect VoIP systems the same way they affect IT devices. Voice-over-IP security is just as important as IT network security. Here are some common ways VoIP systems are attacked:

  • Toll fraud: This occurs when a hacker attempts to access a VoIP phone to make fraudulent calls that are generally more expensive than local or domestic calls.
  • Spam over IP Telephony (SPIT): SPIT is similar to spam email on a business network, except it’s a phishing call in which a hacker pretends to be a bank representative in an attempt to obtain personal information, such as credit card information, bank account numbers, or a password.
  • Call tampering: This takes place when a hacker tries to disrupt live calls, potentially leading to poor call quality or long delays while hackers try to access data.
  • Eavesdropping: This is when hackers intercept conversations and listen without being detected.

Other VoIP vulnerabilities that can expose a business to potential cyber theft or attack are misconfigured VoIP phones and authentication errors, which can negate the VoIP phone security that is put in place. Vulnerabilities and risks that VoIP and IT devices share include Denial of Service (DoS), malware, worms, and virus attacks, which can impede VoIP phones’ security features.

What are some tips and best practices for protecting a hosted VoIP system?

Consistently applying best practices is one of the easiest ways to help minimize or eliminate cyber security attacks, and it begins with updating a hosted VoIP system regularly and educating employees on best VoIP security practices. Listed are some other tools and tips a security team can use to protect a VoIP system:

  • Select a secure VoIP provider: Use a VoIP provider that uses Transport Layer Security (TLS) and Secure Real-time Transport Protocol (SRTP).
  • Multi-factor authentication: This requires a multi-step process to log into a valid account; the additional step can be a PIN, smart card, or fingerprint.
  • Encrypting data packets: This is the process of encrypting data packets before information is transported over the network.
  • Disable international calling: If international calling is not used, turn off this calling option.
  • Use a Virtual Private Network (VPN): Remote working employees must use a VPN connection.
  • Execute routine security audits: Regularly scheduled security audits ensure the best security practices are implemented and functioning correctly to minimize security threats.
  • Remote device management: Use remote device management to monitor devices connected to a VoIP system.
  • Use complex passwords: Use passwords that contain capital letters, numbers, and special characters with a length of no less than eight characters.
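The TLS and SRTP items above can be verified from a captured call setup. The following is an added example, not part of the original article or any provider's tooling: it audits a SIP INVITE for TLS signaling and SRTP media. The function names, addresses, and sample messages are constructed for illustration.

```python
import re

SECURE_TRANSPORTS = {"TLS", "WSS"}  # SIP over TLS, SIP over secure WebSocket

def make_invite(transport, profile, key_attr=None):
    """Build a minimal constructed SIP INVITE + SDP offer (sample data, not a capture)."""
    headers = ["INVITE sip:bob@example.com SIP/2.0",
               f"Via: SIP/2.0/{transport} 192.0.2.10:5061;branch=z9hG4bKconstructed",
               "From: <sip:alice@example.com>;tag=1", "To: <sip:bob@example.com>",
               "Call-ID: constructed-1@192.0.2.10", "CSeq: 1 INVITE",
               "Content-Type: application/sdp"]
    sdp = ["v=0", "o=alice 1 1 IN IP4 192.0.2.10", "s=-", "c=IN IP4 192.0.2.10",
           "t=0 0", f"m=audio 49170 {profile} 0"] + ([key_attr] if key_attr else [])
    return "\r\n".join(headers) + "\r\n\r\n" + "\r\n".join(sdp) + "\r\n"

def audit_invite(raw):
    """Report whether signaling uses TLS and whether every media stream offers SRTP."""
    head, _, body = raw.partition("\r\n\r\n")
    findings = []
    # Signaling: the topmost Via header names the transport this hop used.
    via = next((h for h in head.split("\r\n")[1:]
                if h.lower().startswith(("via:", "v:"))), "")
    m = re.match(r"(?i)v(?:ia)?:\s*SIP/2\.0/(\w+)", via)
    transport = m.group(1).upper() if m else "unknown"
    signaling_tls = transport in SECURE_TRANSPORTS
    if not signaling_tls:
        findings.append(f"signaling transport is {transport}, not TLS")
    # Media: SRTP is signalled by an SAVP/SAVPF profile on each m= line.
    sdp = body.split("\r\n")
    profiles = [parts[2] for parts in (l.split() for l in sdp if l.startswith("m="))
                if len(parts) >= 3]
    media_srtp = bool(profiles) and all("SAVP" in p for p in profiles)
    if not media_srtp:
        findings.append(f"media offered without SRTP: {profiles}")
    sdes = any(l.startswith("a=crypto:") for l in sdp)        # key carried in the SDP
    dtls = any(l.startswith("a=fingerprint:") for l in sdp)   # key agreed via DTLS
    if media_srtp and not (sdes or dtls):
        findings.append("SRTP profile offered but no keying attribute present")
    if sdes and not signaling_tls:
        findings.append("SDES key (a=crypto) sent over cleartext signaling")
    return {"signaling_tls": signaling_tls, "media_srtp": media_srtp, "findings": findings}

SDES = "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:PLACEHOLDER_KEY_NOT_REAL"
if __name__ == "__main__":
    for t, p, k in [("TLS", "RTP/SAVP", SDES), ("UDP", "RTP/AVP", None),
                    ("UDP", "RTP/SAVP", SDES)]:
        print(t, p, audit_invite(make_invite(t, p, k)))
```

TLS on SIP is hop-by-hop, so the result describes only the hop where the message was captured. The third sample shows why both protocols are needed together: SRTP keyed through `a=crypto` over cleartext signaling exposes the media key to anyone who can read the INVITE.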

Is VoIP Secure?

When the best security practices and tips are applied to a VoIP system, businesses will reap the benefits of a secure VoIP phone system. An official audit can be scheduled quarterly or annually to verify the integrity of a secure VoIP system, ensuring no complacency has led to a lapse in the best security practices.

Businesses will see the benefits of VoIP security when these best practices are constantly applied.

How is hosted VoIP different from other communication technology?

Hosted and non-hosted VoIP systems use protocols that transfer audio and video data in real time better than HTTP. VoIP communications use a mix of real-time and non-real-time channels for conferencing, voice calls, video calls, and instant messaging. VoIP systems can work with IT devices outside an office because the analog signal is converted to digital data before it leaves the office.

A hosted VoIP system separates itself from other VoIP systems because it is a cloud-based solution. Unlike other VoIP solutions, a service provider fully supports a hosted VoIP system. VoIP technology also differs from cellular phone services as VoIP calls are conducted over the internet. In contrast, cellular phone services use a mobile network, though a cellular phone can receive calls from VoIP phones and make calls to VoIP phones.

What are the pros and cons of a hosted VoIP solution?

Hosted VoIP benefits are numerous and generate cost savings in multiple ways. Conversely, there are some cons associated with a hosted VoIP solution that can impact business operations, of which an interested business must also be aware.

Pros of a hosted VoIP system

  • Cost savings: Using a hosted VoIP system eliminates equipment costs, removes telephone and wiring expenses associated with Plain Old Telephone Service (POTS), and reduces the long-distance bill.
  • Advanced VoIP features
    • Call transfer allows a user to forward calls to a mobile number or landline phone.
    • Call park lets a user park a call and pick it up on another device configured within the VoIP phone system.
    • Call whispering enables a manager to hear a conversation between an agent and a customer without their knowledge.
    • Call routing allows users to connect to any phone or device in a VoIP system globally.
    • Call analytics uses Artificial Intelligence (AI) to collect, measure, and analyze phone call statistics.
  • Mobility: Mobile devices can be used as VoIP endpoints, allowing employees to work remotely or on business trips without an additional device.
  • Scalability: VoIP systems can quickly scale without purchasing additional hardware.
  • Flexibility: This lets users easily support multitasking.

Cons of a hosted VoIP system

  • Cyber security vulnerabilities: Some VoIP systems do not provide secure transmission, making them susceptible to private calls being intercepted.
  • Unreliable internet services: The connection may not always be stable enough to conduct routine business.
  • Location tracking: VoIP is not conducive to accurate location tracking for emergency calls.
  • Network jitter: This can cause delays and latency, disrupting phone calls.
  • Compatibility: Fax and alarm systems are typically incompatible with VoIP systems.

What type of businesses benefit the most from using a hosted VoIP system?

A hosted VoIP system used in the right business environment generates cost savings and improves overall business operations. Businesses with employees in vehicles providing customer service will benefit from using a VoIP system. 

Utility companies that deploy technicians throughout the city to maintain a city’s electrical power, water, and sewer are prime candidates for a VoIP system. Some other types of businesses include:

  • Courier and package delivery services
  • Limousine transportation services for clients
  • Hospitality services
  • Businesses in E-commerce
  • Construction
  • Catering
  • Public transportation
  • Customer Service

Any business requiring employees to perform assigned duties offsite or requiring 24/7 customer service operations will benefit from using a hosted VoIP system.

Who shouldn’t use a hosted VoIP solution?

First and second responders who need to respond to a 911 call will be hampered by a VoIP system. Emergency responders need to get to a specific address as fast as possible, and a potential wrong address could hamper the response time.

Any business in a rural area with unstable internet connectivity can expect an impact on daily business operations. Businesses in rural areas considering using a VoIP solution should explore a hybrid VoIP solution to combat such concerns.

Choosing the right hosted VoIP solution for your business?

No company wants its data compromised regardless of the type of business using a VoIP solution. Therefore, the first criterion is ensuring a potential VoIP solution is a secure VoIP system that uses TLS and SRTP. Secondly, as a business, you want to be sure the best security practices are implemented and updated annually. 

A Service Level Agreement (SLA) can specify a third-party security audit to ensure the expected security levels are still implemented, and data is appropriately protected using best security practices. You also want to understand backup and recovery options, as well as the options available if internet connectivity is inconsistent.

What advanced features come as standard options, and what features do you need that are not a part of the standard package? The cost of subscription packages and customer service availability are general questions every potential business should ask if they consider using a VoIP solution. 

Every business is a little different, so the general idea is to ensure a VoIP solution will meet or exceed your business needs, which may require multiple participants from each department to capture the holistic requirement for your organization.

VoIP services can support HIPAA or Payment Card Industry (PCI) compliance requirements by configuring proper security measures and procedures, such as encryption, a virtual private network (VPN), or TLS. Some VoIP service providers are HIPAA and PCI-compliant, like Vonage.

Most alarms do not integrate into a VoIP system, but if it is a must-have requirement, you can contact the alarm company and explore the available options.

VoIP systems are mandated to work with emergency 911 services, but an address provided in a VoIP system may not be the caller’s actual location. Callers must provide a physical address if not at the address captured in the VoIP database.

Yes, there are free VoIP providers that provide VoIP services.