As your on premise PBX is part of your IT Network, it makes sense to protect it in the same way as any other important IT equipment, ie your PC’s Servers etc.
- The PBX’s Physical security – can it be tampered with?
- Password protection, particularly on voicemail boxes – this is the most common way fraud occurs
- Secure remote access, etc. Check with your IT provider SIP trunks etc are secure.
In practice the most effective measure is to appoint an overall ‘owner’ who has ultimate security responsibility for the PBX system. This is particularly important when responsibility may be unclear, e.g. who is responsible for fraud prevention when the PBX is not owned but leased, the maintenance is provided by a third party and connectivity supplied by via several different communication service providers?
Next, disable functionality that is not required and lock down access to ensure those services cannot be re-enabled without system owner authority. If you can’t do this yourself, use someone with IT Security skills.
Finally, monitor PBX traffic and ensure a timely response to alarms or unusual behaviour.