Businesses with voice mail systems should take several steps to protect themselves:
• Ensure employees change manufacturers’ default passwords.
• Program voice mail systems to require passwords with at least six characters.
• Encourage employees not to use easily-guessed passwords such as their phone numbers, local number, or simple number combinations such as 1111.
• Never set passwords to a telephone’s local number when assigning a phone to a new employee.
• Program voicemail systems to force users to alter their passwords every 30 – 90 days.
• Remove unassigned mailboxes.
• Consider whether through-dialing is needed, and if it should be disabled. Through dialing allows employees to call their mailboxes from offsite and dial long distance on their work line. If this feature is used, generate and monitor daily through-dialing reports to ensure mailboxes are not being hacked.