Without a rethink and some serious security protocol implementations, VoIP will find it difficult to make inroads into the lucrative commercial market. It is this aspect that VoIP providers are now focusing their efforts on, rather than the clarity of calls, for example. VoIP security needs to be addressed as part of the overall context of Internet security. At present, private branch exchanges (PBX) are replaced by server-based IP PBXs running on the ubiquitous Microsoft Windows operating system. This system has shown itself to be vulnerable to attack from hackers and an attack on a VoIP server could result in the loss of potentially sensitive data. Therefore, it is important that equipment is properly protected, and the best way for the individual user to have this assurance is to use a legitimate VoIP provider.