Appendix A: Customer Support Information
Educating Users
Everyone in your company who uses the telephone system is responsible for
system security. Users and attendants/operators need to be aware of how to recognize
and react to potential hacker activity. Informed people are more likely to cooperate
with security measures that often make the system less flexible and more difficult
to use.
- Never program passwords or authorization codes onto Auto Dial buttons.
Display telephones reveal the programmed numbers and internal abusers can
use the Auto Dial buttons to originate unauthorized calls.
- Discourage the practice of writing down barrier codes or passwords. If
a barrier code or password needs to be written down, keep it in a secure place
and never discard it while it is active.
- Instruct operators and attendants to inform tell their System Manager whenever
they answer a series of calls where there is silence on the other end or the
caller hangs up.
- Advise users who are assigned voice mailboxes to frequently change personal
passwords and not to choose obvious passwords.
- Ensure that the System Manager advises users with special telephone privileges
(such as Remote Access, Outcalling, and Remote Call Forwarding) of the potential
risks and responsibilities.
- Be suspicious of any caller who claims to be with the telephone company
and wants to check an outside line. Ask for a callback number, hang up, and
confirm the caller's identity.
- Never distribute the office telephone directory to anyone outside the company;
be careful when discarding it (shred the directory).
- Never accept collect telephone calls.
- Never discuss your telephone system's numbering plan with anyone outside
the company.
