| Most businesses Telephone Systems have a | | | | to you that DISA is not active. This means your |
| feature called Direct Inward System Access or | | | | technician must show you on the computer that |
| DISA for short. This feature allows authorized | | | | this feature is either not available or that it has |
| users to dial a special number into your telephone | | | | not been programmed for any reason. This should |
| system and then either dial extension numbers | | | | be checked at least once a year.3) If your |
| directly or outside numbers utilizing your | | | | telephone system allows an outside line to be |
| company's less expensive long distance trunks | | | | connected to another outside line without or |
| and services.A word of advice: If you are using | | | | without internal supervision, carefully consider why |
| DISA - Stop it!There is a tremendous security risk | | | | you need this feature. There may be perfectly |
| associated with DISA that could cost your | | | | valid reason to forward external callers to outside |
| company thousands of dollars. As far as your long | | | | lines but you should closely evaluate your options. |
| distance provider is concerned, you are | | | | If you decide you do not need this feature, not |
| responsible for the cost of any call originating | | | | only you're your service provider disable it, but |
| from your telephone system even if the call is | | | | also work with your technician to have them |
| fraudulent.Ideally, this is how DISA works:An | | | | prove to you it has been disabled. This may mean |
| authorized external caller or employee needs to | | | | having the technician set the feature up, |
| call a customer that would be a long distance call. | | | | demonstrate how it works, disable it and |
| Rather than paying for the long distance call on | | | | demonstrate how it no longer works.4) Be sure |
| their bill, he or she dials into your PBX, enters a | | | | your Voice Mail system does not have a Class Of |
| security code then dials his long distance call. The | | | | Service or Class of Restriction that allows it to |
| call then uses your long distance carrier and the | | | | transfer callers or even make outside calls. Some |
| caller does not have to expenses back the call. In | | | | voice mail systems have the ability to transfer |
| most cases the call is cheaper this way also.But in | | | | callers to outside telephone lines. Again outside |
| the real world it really works like this:Someone | | | | transfers should be blocked. But also there is |
| finds or acquires your DISA number by one of | | | | often requirements for voice mail to alert cell |
| several means: shoulder surfing, finding documents | | | | phones that a message has arrived in the users |
| careless about or by one of several software | | | | business telephone mailbox. If you use cell phone |
| programs designed to find such things. A working | | | | message waiting notification, be sure to verify |
| account code is discovered using the same | | | | with your PBX or key system service provider |
| methods. Once a valid number is found, the caller | | | | that all ports on the voice mail system only have |
| has nearly unlimited access to your long distance | | | | the ability to call within your local zone. There is |
| services.Many times this information is used to set | | | | typically no reason for any port on a voice mail |
| up "call centers" that will use your system to allow | | | | system to have the ability to make international |
| people to make calls to whatever county they | | | | or even national calls. Again, and I stress this, be |
| like. These calls can add up to thousands of dollars | | | | sure to have your service provider prove these |
| in a very short period of time - even as short as | | | | things to you.5) Basic telephone system toll fraud |
| a day or weekend your company is on the hook | | | | security audits should be done at least once a |
| for the cost.In this day and age we must also be | | | | year. Often, many different people will be |
| concerned with terrorism. No one wants to be | | | | programming in your system, activating and |
| the medium that allows terrorist to communicate. | | | | deactivating features. These individuals each come |
| But certainly that is a real possibility and the calls | | | | with varying degrees of skills and security |
| becomes more difficult for National Security to | | | | concerns. It is imperative that you as a business |
| track.Since the early years of my career, I have | | | | owner or someone responsible for your telephone |
| seen at least one case personally, and heard of | | | | system verify that proper security measures |
| many others, where a PBX technician set up a | | | | have been take.Remember this when asking for a |
| DISA number and authorization code and turned | | | | new feature: even though you may not be aware |
| the customers PBX into his own personal long | | | | of a feature that compromises your service, you |
| distance service. In this case, the cost may be | | | | are still responsible for the bills - even the |
| minimal but you are still paying for the call.Here | | | | fraudulent calls. Therefore always ask your |
| are my specific recommendations for telephone | | | | service personnel if what they are doing may |
| system owners.1) If you are using DISA - switch | | | | compromise security in anyway. Not only does |
| to prepaid calling cards or (and especially) if the | | | | this question help you understand the toll fraud |
| user is making calls from his or her home office, | | | | security risk involved in what you are asking your |
| offer a monthly stipend for long distance service. | | | | technician to do, but it will also make your |
| Residential long distance service can be found for | | | | technician more conscience of the fact that you |
| as little as 1.6 cents per minute and cost of | | | | are expecting him or her to ensure security.Ralph |
| prepaid calling cards has fallen dramatically. Now | | | | Nelson Willett is a Voice Telecommunications |
| the risk is limited to the cost of the card. You | | | | Specialist with over 20 |
| could also considering adding a VoIP line to the | | | | years in the industry. |
| uses home for as little as $20 per month.2) Have | | | | Visit for more. |
| your telephone system service provider PROVE | | | | |