What is the recommended best practice for securing administrator access to a business VoIP phone system?