A Comprehensive Guide to Secure Conferencing:
How to Set Up and Maintain the Security of a Conference Call
Due to its convenience, the demand for conferencing has slowly risen over the years to the point where it’s no longer unusual for companies to use this method of communication to meet and discuss with their business partners, clients, or even fellow employees residing in a different branch or location.
Unfortunately, as the demand for conference calling continues to rise, factors that threaten it continues to appear as well. However, while secure conferencing has become a necessity, many companies or organizations struggle to comply in adopting secure practices. As a way to resolve this, some companies opted for relying on secure conference call services with the necessary features to ensure that the information being discussed is protected.
In this eGuide, you’ll learn more about the importance of secure conferencing, the risks involved, as well as various tips on keeping the security of your conferencing top priority:
- What is Secure Conferencing and Why is it Important?
- Risks of Not Having a Secure Conference Call
- Factors that Put Conference Calls At Risk
- Features to Consider for a Secure Conference Call Service
WHAT IS SECURE CONFERENCING AND WHY IS IT IMPORTANT?
Cybercrime has certainly increased the moment technology became more accessible to the public. Multiple large companies have already been attacked and continue to be targeted by hackers resulting in data breaches and numerous privacy risks. Unfortunately, some remain unaware of these threats until it’s too late. Therefore, having a secure conference call has become a necessity.
According to a 2015 survey done by Research Now, 99% of hosts confessed that they weren’t always sure who was joining the conference call. In addition, 93% of those hosts stated that confidential information was sometimes shared during these meetings.
Surprisingly enough, 60% of these respondents thought that the lack of security was normal. Most companies would rather spend their budget increasing network security and keeping sensitive company information confidential rather than securing their conference calls. Disregarding the security of communication lines like a conference call risks vital information and discussions being done through unsecure conferencing and could lead to leaks and misuse of information by individuals with malicious intent. Anyone can use the information from these meetings for their own personal gain and ultimately, may put the company at a great disadvantage.
Even if all members of your organization have signed an NDA, it is simply good practice to put preventive measures in place when using conference calling to avoid unintentional exposure or misuse of confidential data.
RISKS OF NOT HAVING A SECURE CONFERENCE CALL
It may seem unlikely but there are cases in the past that show hackers intruding in a supposedly secure conference call. An infamous example would be a conference call hosted by the FBI back in 2012. They were tasked with investigating a certain hacker group but was unfortunately hacked instead. The hackers even posted a recording of the call online for public viewing. Another example took place during the 2008 presidential primaries. Obama’s campaign manager was able to join unnoticed in a conference hosted by the Clinton camp.
Although the examples listed above may seem extreme, it’s true that there are risks involved in not having a secure conference call. Here are some of them:
There are two types of uninvited participants that may appear on your call: unintentional joiners who may have received a missent email containing the conference call dial-in details and those who intentionally try to sneak into conference calls. There’s reason to be cautious with the latter since it’s possible that they may steal confidential information and use it to their advantage. It’s also possible that they will hijack calls to disrupt and cause harm to meetings or online classes by shouting profanity and hate speech, or by showing pornographic images. Moreover, client information can end up getting leaked which could damage a company’s reputation.
As mentioned above, cases where hosts are unaware of a call’s attendance aren’t unusual. This means that sensitive company information can spread to unauthorized people without the company’s knowledge. However, there are also internal leaks which are usually caused by inexperienced and distracted hosts who unintentionally spill a company secret during a conference call.
These two risks are mainly caused by sending dial-in details to the wrong contacts. It may seem like a simple mistake but it could lead to great repercussions especially if the information was sent to someone who has malicious motives.
FACTORS THAT PUT CONFERENCE CALLS AT RISK
Aside from missent dial-in details, there are other factors that can threaten your conference call security. If left unchecked, it could potentially put your company information at risk.
Almost everything that requires protection have passwords as their first line of defense. The same goes for conference calls. Usually, conference call services utilize a single passkey which is sent to everyone through email to provide access to a conference call. However, this makes it easier for hackers to enter the call since they can procure the password from any participant and use it anytime.
As a countermeasure, you can send out individual passkeys which can only be used once by a single person. This makes it more difficult for hackers to get a passkey that hasn’t already been used.
Calls that aren’t encrypted are at risk since it lets others understand the data that was sent back and forth during the conference. It could also lead to email addresses and passwords being leaked to the public therefore exposing personal information. By making sure that the transmitted data is encrypted, it ensures that the call information and details can only be available and comprehensible to the authorized senders and viewers.
Irresponsible sharing of links, passcodes, and toll numbers
Hosts or participants who share toll numbers, passcodes, and links online without any regard to the possible consequences will be a high risk. You need not only to raise awareness but to actively train your team how to prevent this kind of cyberattacks.
Lack of User Control
Having more user control enables the moderator to take the right action when needed when something suspicious happens. It also helps reduce breaches in security and lets the hosts moderate the call themselves.
Inability to Confirm User Identity or Attendance
Sending out individual passkeys may not be enough as the only security measure. It does enhance conference call security but it does not block hackers from accessing a call. The inability to confirm your participants’ identity can prove to be dangerous which is why it’s essential to have all kinds of protective measures against any attack.
Some conference call providers have multiple countermeasures such as doing a roll call at the beginning of the call, sign-up sheets, and a pre-conference room where the identities of participants are confirmed before proceeding to the live call.
No Method for Locking Calls
Hacker attacks don’t only happen prior to the call, it can also happen while a conference call is in session. A way to prevent this is by locking the call once everyone who should be present has joined the conference. Locking the call means that no additional user can be allowed to enter or access the conference call.
FEATURES TO CONSIDER FOR A SECURE CONFERENCE CALL SERVICE
Increasing the security of your conference call is advantageous for you and your organization in the long run. There are multiple conference call providers that offer numerous features that aid in conference call security at an affordable price. However, how would you know which conference call service to choose? Here are some features a secure conference call service should have.
Individual passkeys reduce the likelihood of the password getting leaked to unauthorized people. A unique passkey is given to each participant and it can only be used by the participant associated with it so even if someone else discovers your passkey, they won’t be able to use it.
This is one of the most effective security protocols for conference systems. This technology ensures that only the senders and receivers are able to comprehend the data and no external attacker will be able to interpret it. However, de-encryption tools are continuously being developed and improved so make sure that the conference call provider you choose uses the latest standard encryption features.
Green Room or Breakout Room
As a way to confirm the identity of your participants before they enter the live call, conferencing services have created a feature called a “Green Room” or a “Breakout Room” which serves as a pre-conference room. Once they have been verified, they will be transferred to the live call.
Aside from trying to secure dial-in details to enter the call, some hackers wait for the conference to start before trying to gain access. A way to counter this is by locking the call through a call lock feature. This will prevent uninvited guests from entering the conference.
Additional proactive measures that you could take to ensure that your conference call is secure are as follows:
- Broadcast Mode. Have all participants auto-join in a muted state. Unnecessary chatter between participants is prevented, lowering the risk for misunderstandings. This can also help prevent unidentified malicious individuals from spewing harassment or hate.
- Roll Call. Prompt each participant to announce their names prior to joining the call. The roll call can either announce who just joined or you should be able to play a full roll call at any time. This helps keep track of who has joined or left the call and when, and prevent unintentional participants who received conferencing access details by mistake from hearing the meeting further.
- Force terminate the call when done. Any attempt to maintain control over the conference call connection can be avoided.
- Utilize operator-assisted conferencing. For calls involving highly sensitive content, it is ideal to ask for an operator to assist you with the call. The operator can verify the identity of participants prior to letting them on the call. This will help you focus on the call more as they ensure that everything goes smoothly.
- Summary report. A summary report should be available that shows who was on the call, what location and number they joined from along with the duration they were on the call.
- Online Call Manager for monitoring and control. If you want to manage your own conference call, make sure your conferencing provider offers a live call manager that will allow you to see who is on the call in real-time. This can help you prevent uninvited participants from hijacking your calls, disrupting your meeting, and even collecting sensitive information. With this tool, you should also be able to mute lines, kick lines off the call, start and stop recording and initiate breakout rooms.
- Encourage participants to help secure conference calls. Advise and train participants to keep all conference access details safe and keep them from being posted online where anyone outside the company will be able to get a hold of it. As well as avoid taking online conference calls using public WiFi or public phones.
While we can’t stop cyber attacks from happening, we can prevent them from targeting and accessing our conference calls. Relying on secure conference call services can go a long way rather than just settling on a cheaper, more affordable choice since most free conferencing services are just integrated with regular security protocols. This, in turn, can be risky especially since this deals with your company’s sensitive information.
A good secure conferencing provider must have the essential features that meet your current security needs and allows you to make the most out of your conference call. Remember, a conferencing system not only exists to serve as a business tool, but it should also be utilized as a communication partner for your business. While we can’t stop cyber attacks from happening, we can prevent them from targeting and accessing our conference calls. Relying on secure conference call services can go a long way rather than just settling on a cheaper, more affordable choice since most free conferencing services are just integrated with regular security protocols. This, in turn, can be risky especially since this deals with your company’s sensitive information.