As august suggest you'll need to block outbound calls.
But let's define what risk we're trying to avoid.
* Toll Fraud
* Privacy violations
* Stolen information
* Greetings that are changed that might embarrass the company
I'm sure there's more but, but, but...
All these can happen just by dialing and extension and getting to someone's mailbox.
Here's my opinion:
Total security is to shut off the system and lock it in a vault. Not very useful.
Now you need to balance security risk with usefulness.
Using non-trivial passwords with greater than 4 digits, blocking VM ports from ever being able to dial out (there's a couple of really good ways to do this), being sure that the NuPoint can't dial '9' (assuming that's your outbound access), locking out mailboxes that have too many failed log in attempts and deleting unused mailboxes is generally considered adequate security for VM.
I've never set up a system that didn't allow people to check their VMs from outside.
Ralph