Manage usage by need: further to the above, consider each user account individually, and enable exactly what is needed and nothing more. If someone has no need to call a particular country, for example, lock it down - you can easily add services if that user's needs change, and in the meanwhile they cannot be tricked into calling a scammer's number there.
Monitor actively. Review your call logs and set alerts to ensure your usage remains within expected parameters. Sales people need to make a load of outbound calls, an administrator maybe fewer… So, something is amiss, if they are suddenly hitting up a series of premium rate mobile lines on the other side of the world.
However well you manage things internally though, the single best thing you can do to protect your VoIP phone system and other cybersecurity protection is to outsource as much as possible - to a respected and established international provider like ringover.
A non-fixed VoIP number, otherwise known as a virtual phone number, isn't linked to a physical address. Non-fixed VoIP numbers have the same calling capabilities as fixed VoIP numbers, and can likewise be used for residential or business purposes.
While non-fixed VoIP numbers aren't tethered to a geographical location, accounts can be created to serve any desired address. This allows businesses to contact customers all over the world.
Consider - if you were installing an alarm system to protect your home, would you build it yourself from bought components, then monitor it round the clock to ensure it worked? Fix it up when better technology becomes available, and take on the personal responsibility for ensuring you were one step ahead of the burglar's techniques at all times?
More info: cyber security engineer