Generate summary with AI

If the words STIR/SHAKEN make you think about James Bond, martinis, and not much else… you’re not alone! But in today’s world, where robocalls are the norm and fraudulent calls cost the American public $29.8 billion in 2020 alone, STIR/SHAKEN might be the answer.
What exactly does STIR and SHAKEN mean?
STIR is an acronym for Secure Telephone Identity Revisited, while SHAKEN stands for Signature-based Handling of Asserted Information using Tokens.
Together, they are a set of technology protocols that authenticate caller ID to ensure that you and your customers know the real identity of whoever is at the other end of the line. When implemented, STIR/SHAKEN validates that the phone number is accurate as displayed on the caller ID and signs off on the legitimacy of the call.
Why do I need to know about STIR/SHAKEN?
For one thing, if you work in the U.S., compliance matters. The Federal Communications Commission (FCC) rules dictate that all voice service providers must have implemented STIR/SHAKEN by June 2021 or prove they are taking action to protect customers against illegal robocalls. Not only that, but if providers are using legacy network technology that doesn’t use IP networks, you need to be working toward onboarding a caller ID authentication solution that works for these networks, too. If you’re working with a VOIP provider, it’s important to ask them where they are on their STIR/SHAKEN roadmap.
What are the practical risks of ignoring STIR/SHAKEN?
Without a caller ID authentication solution, you can’t trust the name that displays when you get an incoming call. Hackers often spoof the calling number of outbound calls, either to numbers that are contextually meaningful to you – like a friend, family member, or neighbor – or, more frighteningly, to official names and numbers like the IRS, your bank, or a legal firm.
When these robocalls come through and warn you of a fake threat, such as a compromised bank account or intended legal action, fear makes it very likely that you will “press one and enter your PIN”. This creates a potential entry point for cyberattacks, putting your network at risk
How does STIR/SHAKEN work?
The technology behind the STIR/SHAKEN protocols relies on digital certificates. Every telephone service provider has their own digital certificate, issued by a registered authority. They receive a SIP INVITE and look at the call source and the number itself, giving it one of three ratings:
- Full attestation (A): The calling party has been authenticated and can use the calling number.
- Partial attestation (B): The service provider knows where the call is coming from but can’t verify whether or not they can call that number.
- Gateway attestation (C): The location the call is coming from can be authenticated, but not the source itself (e.g., an international call).
This information is then put into a SIP Identity header, including the number, timestamp, attestation rating, and origination identifier. This is sent directly to the terminating telephone service provider, which either takes or refuses the call.
What are the business benefits of STIR/SHAKEN?
Once you’ve understood the technical details, the business benefits become clear. Ultimately, it’s all about keeping end users secure and enhancing confidence when you pick up the phone.
Here are the main reasons why these protocols are important:
- Reducing spam calls: Spam calls disrupt your workflow and may trick you into making poor decisions.
- Limiting robocalls: Robocalls are not only annoying but can also be malicious, tricking recipients into falling for scams.
- Protecting your network: Fraudulent calls can lead to security breaches. It takes only one employee to fall for a scam to put an entire business at risk. For MSPs, this risk extends to client networks.
What about non-IP network calls?
STIR/SHAKEN can help with IP calls, but it’s not foolproof, and what about other forms of communication? Here are some best practices to give your clients, colleagues, and for yourself:
1. Don’t answer calls from unknown telephone numbers, and never return a phone call from an unknown number if you see that you’ve missed it. Connection fees alone could cost you dearly.
2. Use the FTC’s National “Do Not Call” Registry, or similar for your location. Although this can’t stop calls originating from everywhere, it will stop legitimate cold calling and telemarketing calls.
3. Slow down and ask informed questions to make sure they are legit, hang up and call the official website-vetted number back to check that a deal is real, and never ever act out of coercion or fear – just hang up if you think something isn’t right.
4. Watch what you say and never hand out personal or financial data, even if the caller tells you they need to confirm it with you. Even if the caller ID shows you you’re speaking to a legitimate contact, be aware that these are not foolproof, and they can be spoofed.
If you’re interested in how Atera protects your customer or corporate environments from other kinds of security threats – check out our integrations with top of the line security vendors from Bitdefender to Webroot.
Conclusion
In today’s digital landscape, where fraudulent calls and robocalls pose significant threats, adopting STIR/SHAKEN protocols is no longer optional—it’s essential. These technologies not only protect businesses and individuals from scams but also foster trust and security in communication networks. By implementing STIR/SHAKEN and following best practices for handling unknown calls, you can safeguard your organization, your employees, and your clients from potential risks.
Ready to take your security a step further? Explore Atera’s robust integrations with leading security solutions like Bitdefender and Webroot to protect your network from every angle. Contact our sales team to request a demo!
Frequently Asked Questions
Related Articles
DRAM vs. SRAM: Pros, cons, and 7 feature comparison
They’re both part of RAM and they both provide volatile memory—but which is the better option for you? Here’s a side-by-side comparison of DRAM vs. SRAM.
Read nowManually re-enable Windows automatic updates
Learn how to manually re-enable Windows automatic updates in a few easy steps to ensure your system stays secure and up to date.
Read nowThe 9 best MSP billing software for streamlined invoicing in 2024
What is the best MSP billing software? This article examines the best options, analyzes their key features, and discusses the pricing plans.
Read nowHow to delete or reduce pagefile.sys?
Learn how to safely manage, delete or reduce large pagefile.sys files to improve Windows performance and free up storage space.
Read nowEndless IT possibilities
Boost your productivity with Atera’s intuitive, centralized all-in-one platform