Voice over IP (VoIP) is becoming increasingly popular as corporations learn they can use their broadband infrastructure to save money on phone bills. But the potential threats from VoIP are still unclear, and companies trying to save a buck could find that they’ve exposed themselves to far greater problems.

That’s a warning the Federal Deposit Insurance Corporation (FDIC) is giving to financial institutions. In a recent guidance, the FDIC warns that “VoIP is susceptible to the same security risks as data networks if security policies and configurations are inadequate.”

Possible risks include viruses, worms, Trojan horses, and man-in-the-middle attacks, as well as denial-of-service attacks, eavesdropping, and toll fraud.

The group recommends including VoIP in an organization’s risk assessment and notes that giving status reports to the board of directors is mandated by the Gramm-Leach-Bliley Act. It also suggests using VoIP-ready firewalls and encryption, and implementing physical controls.

The FDIC guidance and an informational supplement on VoIP are below.VoIP1105.pdfVoIP_supplement1105.pdf