The PSTN Switch Off, VoIP and the cybersecurity threat to SMEs

The PSTN (Public Switched Telephone Network) Switch Off means that companies across the UK are preparing to swap out their analogue telephone systems. By December 2025, any business that still relies on analogue communications technology and copper wire services will be cut off.

The impact of the PSTN Switch Off

It isn’t just about your phone lines, either. The PSTN Switch Off can impact broadband connections, handheld payment devices, emergency alarms, door entry systems and much more.

As a result, you’ve probably been hearing a lot of chatter about Voice over Internet Protocol (VoIP), Unified Communications (UC), digital switchover and full-fibre broadband.

If you take a joined-up approach to the PSTN Switch Off, there’s a big opportunity wrapped up in the acronyms. That’s because, due to continuous technological advancements, today’s digital communication solutions offer excellent quality, more features and the ability to integrate your business systems.

They’re likely to be cheaper than their analogue counterparts, too. You could improve business efficiencies, become more effective in your chosen marketplace, and enhance the customer experience.

But there’s one element of the PSTN Switch Off that isn’t getting as much profile. And that’s the cybersecurity threat.

Why is VoIP security management so important?

Despite all the business benefits that VoIP can deliver, VoIP systems can also present a big attack surface for cybercriminals. If your VoIP system is vulnerable, you could be giving hackers the keys to your confidential company data.

Not only will they be able to disrupt your communications, they may be able to gain access to other systems and cause you untold financial and reputational damage.

None of this means you should avoid implementing a VoIP solution. But it does mean you need to be aware of the cybersecurity risk and take steps to protect your business, employees and customers.

What are the most common VoIP cybersecurity threats?

To be able to defend your business against cyberattacks, you need to know what you’re up against. Here are some of the most common VoIP security threats:

• Phishing attacks use social engineering techniques to trick your employees into clicking malicious links or downloading software that harvests confidential information, logins and passwords. A VoIP phishing attack, also known as ‘Vishing’, involves scammers using phone numbers similar to those of legitimate organisations. They leave a message about suspicious activity and when the victim responds, they are asked to verify their identity and disclose confidential information.
• Malware is usually a direct consequence of falling for a phishing attack. A malicious program or code can cause a wide range of system interruptions and errors. It can sabotage valuable information, shut down all your communication systems and even hold your business-critical data to ransom.
• Distributed Denial-of-Service (DDoS) attacks are designed to shut down an entire network. These attacks work by hackers sending your VoIP system high volumes of data, such as spam phone calls, which then trigger a wider system crash.
• Call tampering is where hackers disrupt your live calls, reducing the audio quality, introducing long delays or creating total silence. This is done by preventing the delivery of your audio data packets or injecting noise packets into the communication stream.
• Spamming over Internet Technology (SPIT) attacks is a component of some of the threats that we’ve already mentioned. SPIT attacks involve spammers sending audio messages to thousands of IP addresses in an effort to infect, overwhelm or phish for information.
• Man-in-the-Middle (MITM) Attacks where an attacker intercepts message traffic and then pretends to be either the caller or the intended call recipient. Once an attacker has gained this position, they can record or modify calls to gain access to your confidential data.

How can I protect my business from VoIP-based attacks?

All those VoIP cybersecurity threats may seem daunting, but now you know what you’re up against, you can do something about it. Here are our top tips for keeping your VoIP system safe and secure:

• Educate your employees because they are usually your weakest link. You can have all the right safeguards in place, but it only takes one employee to click on a suspicious link or get fooled by a MITM attack.
• Disable any unnecessary features as they could create loopholes. If you’ve got the spec right on your VoIP system, you shouldn’t be paying for any unnecessary features. However, if you have, make sure you disable them to reduce the risk of attack.
• Update firmware and apps regularly to make sure everything in your business is running on the latest secure version.
• Use encryption so your data is protected even further. Even if it’s intercepted, encrypted data cannot be decoded and accessed by anyone other than the intended recipient.
• Test your VoIP network regularly to ensure it continues to stay safe against cyberthreats and hackers.
• Adopt a Zero Trust approach, which is a framework that assumes every component and connection is hostile by default. From there, only validated connections are then allowed. Zero Trust Architecture (ZTA) is the most effective way to ensure VoIP security. It’s worth taking a closer look at ZTA and asking your supplier about it.