However, there are risks. VoIP affects technology's greatest invention and mission-critical application: the telephone. Here are 10 steps for a successful VoIP rollout:
- Plan ahead. Do a network audit and perform a needs assessment before calling in consultants and vendors. Consider the network holistically. Any endpoint or PC can be a weak link.
- Make sure PC and server security are up to date. LAN and wide area network hygiene is an important foundation for VoIP.
- Update all operating systems on all networked devices and endpoints. Don't forget handhelds and mobile phones running Windows CE, Palm OS, etc.
- Roll out in phases. Pilot first, then increase VoIP footprint as you get more comfortable.
- As you upgrade network switches and other gear, install VoIP-capable wares even if immediate plans do not call for VoIP.
- Make sure employees are aware of social engineering techniques used by phishers and spammers in the data world. They will spill over into VoIP as the installed base grows.
- Talk to peers who have implemented VoIP or are further along in the process than you.
- Set expectations correctly. While there will be cost savings, many current users say the real benefit is in new functions, features and flexibility.
- Remember regulations. If you are bound by the Health Insurance Portability and Accountability or Sarbanes-Oxley acts, or other regulations, make sure they figure into your planning.
- Set up virtual private networks for secure transmissions among remote locations and the home office. Be aware if employees are sending data over unsecured lines.
To sum up, in the VoIP world, just as in data networks, common sense goes a long way. Many security vulnerabilities can be mitigated by continually updating software on clients and servers. Simple things like mandating long, hard-to-guess alphanumeric passwords help, as can always-updated antivirus, antispam and encryption protections.
Perhaps as important is the need to keep workers -- all workers, especially those who telecommute -- educated about the "social engineering" tactics used by fraudsters. The same social savvy that sparked the "I Love You" bug a few years back could be used to great effect in the VoIP world, but not if employees of midmarket firms are too smart to fall for it.
Barbara Darrow, a Boston-area freelance journalist.
This was first published in November 2007