Securing your communication systems is crucial in today’s digital landscape. With the increasing prevalence of cyber threats, it’s imperative to have robust security plans in place for your 3CX system. In this comprehensive guide, we will delve into the various aspects of 3CX security plans. Continue reading to find out the enhanced security measures that are going to protect your valuable data.
Understanding the Importance of Security Plans
Security plans play a pivotal role in safeguarding your 3CX system from potential threats and vulnerabilities. By implementing effective security measures, you can mitigate the risk of unauthorized access, data breaches, and other malicious activities. A solid security plan provides a strong defense against cybercriminals and ensures the confidentiality, integrity, and availability of your communication infrastructure.
3CX is focused on implementing these 7 actionable steps to secure and strengthen their network security:
1. Hardening Multiple Layers of Network Security
- Rebuilding the network starting with a dedicated build environment that’s hardened and isolated
- Implementing new EDR monitoring tools
- Employing offsite 24/7 monitoring – staffed by threat hunting specialists
- Stricter access control policies at all levels on a Zero Trust model
- Working closely with Mandiant to implement Remediation Plan Recommendations
2. Revamping Build Security
- Increased static and dynamic code analysis – their code is scanned before each commit, looking for code quality issues and vulnerabilities across the entire Phone System project – including the Web Client.
- Code signing and monitoring solutions – they are evaluating possible code signing and monitoring solutions to ensure that software is not modified.
3. Ongoing Product Security Review with Mandiant
- 3CX is working in conjunction with Mandiant to complete a product security review to identify vulnerabilities across the 3CX product line
- This includes the Web Client, Electron app, as well as our internal API and communication libraries.
- Once identified 3CX will update any vulnerabilities discovered
4. Enhancing Product Security Feature
Releasing update 7A following numerous checks and reviews which included:
PWA as a preferred option for more customers:Adds BLF panel to PWA app dialer
Support for Tel Protocol (Update 8)
See our detailed comparison here
Removal of password from welcome email
Lock down of Web Client by IP – for system admin or all users
A number of vulnerabilities will be addressed
They have updated their near-term product roadmap to include a version of their native windows app that can be installed from the Microsoft Store. This automatically adds a level of security as well as automatic updates and quarantine if necessary. There are plans to add additional security updates such as 2MFA for non SSO installs. More details along with the roadmap to be released soon.
5. Performing Ongoing Penetration Testing
- 3CX is entering into agreement consultations with an established pen testing company to perform regular testing of their network, online web applications, and products.
6. Refining our Crisis Management and Alert Handling Plan
- 3CX strengthened their information sharing over social media, increasing community engagement. This included two-way communications over our blogs and dedicated forum as well as an increase in 3CX’s followers on Twitter and LinkedIn.
- They have been commitment to transparency and it has no doubt been appreciated.
- Going forward, they will also formalize a crisis management and alert handling plan to build upon the lessons learned.
7. Establishing a New Department for Network Operations and Security
- A dedicated and focused department has been created focused on network operations and security.
- This department ‘Network Operations & Security’ will be headed up by Agathocles Prodromou who brings almost 20 years experience in IT and Security domain.
- Agathocles will directly report to the CEO ensuring a direct line of open communication as they continue to review and improve the security program
Be sure to read 3CX article for more information regarding partner and customer offers, as well as any updates https://www.3cx.com/blog/news/security-plans/
Since 2009, WhichVoIP.co.za has helped thousands of South African businesses to make better buying decisions for phone systems, VoIP, and connectivity. During this time, we’ve facilitated the connection of 45 000+ users through our network of 500+ telecom providers in our directory.