To prevent unauthorized calling from your phone device, RingCentral requires our customers to place their desk phones behind their firewall or ACL devices so it is not exposed on the internet.
In addition, we recommend that your device be configured with strong admin and user passwords. For 3rd party devices, please contact the device manufacturer.
When a desk phone is exposed to the Internet with default, blank or weak passwords, it's possible for unauthorized parties to gain access to reconfigure the phone, view log files, and view provisioning information that can allow them to connect their own device and place calls that are billed to your RingCentral account.
If you take no action to secure all of the user interfaces for the devices on your account, you may be responsible for any charges incurred through unauthorized access and usage.
For information on how to set up your network for RingCentral Unified Communication Services, go to Network - Requirements and Recommendations