What concerns you most about your conference calls? Call quality and reliability? The success of your meetings?
What about having someone snoop on your call?
With Zoom-bombings highlighting the needs of security across conferencing platforms, we want to draw attention to the importance of security – even during your conference calls.
Over the past two and a half decades, audio conferencing has changed significantly. The primary change has revolved around the development of software that utilizes web-based protocols and applications to control and carry conference calls better. (Your friends here at MeetingOne were some of the pioneers in this field of “internet-enhanced conferencing”!)
Why is security important again? Even before the coronavirus forced everyone to work from home, more meetings were being held across the world than ever before. One estimate places the number around 11 million per day – in the US alone! With the rise of COVID-19, millions more meetings are being held over the phone or web. More meetings, greater potential exposure to threats.
It’s likely this trend will continue even after things return to normal.
What’s worse is the simple fact that call hosts often don’t know who is on their call. A 2015 LoopUp survey found 99% of the respondents couldn’t say they always knew who was on their calls. Of those same call hosts, 93% said they occasionally shared confidential information during meetings.
What does that mean? Well, many call hosts are sharing sensitive information during calls – but they have no clue with whom they are sharing it!
As an excellent case in point, in 2012 the FBI held a conference call with Scotland Yard. Their topic: How to handle hacktivists. (Hacktivists are individuals who hack entities, for social or moral reasons, they believe to be corrupt.) Lo and behold, one such hacktivist snuck onto the call and posted the recording on the internet! Talk about irony.
To help you make the best assessment of your overall teleconferencing security, we’re following up our previous blog, “6 Factors of Web Conferencing Security You Need to Consider,” with a discussion on audio conferencing security.
(If you’d like to see the full picture of all the factors shaping into secure conferencing, download our easy to read whitepaper!)
What are the specific threats to your conference calls? Well, there are many. Here are a few.
Call Snooping: As with web conferencing, the last thing you want is some random outsider listening in on your conference calls. Call snoopers try to find unsecured dial-in numbers for conference calls they can join. Sometimes this entails stealing information to sneak into calls. Other times call snoopers use various strategies to dial conference numbers hoping they get lucky.
In Healthcare, snooping can lead to compliance issues with HIPAA, as the confidentiality of your patients’ protected information can be compromised. Fail to comply with HIPAA, and you could be slapped with a huge fine.
For a legal firm, if someone intrudes upon your call, they could potentially damage your case and reputation – oh, and you could get sued!
Internal Leaks: When it comes to information security, internal leaks represent one of the most prevalent issues and threats. Despite everyone’s best efforts to encourage comfortable and open work environments, the occasional disgruntled employee is liable to leak information about valuable business assets, acquired during a conference call.
That said, not every leak is the result of ill intentions.
All it takes is one careless employee, who was not supposed to be on a call, to confide a vital trade-secret to the wrong person, and your business could suffer a crippled reputation and incur financial damages.
There’s a lot you are up against, so let’s get you up to speed on conference call security musts. Conferencing providers that are concerned about security will offer a range of features and functions that secure your calls.
We’ve identified 5 groups of features or factors that are critical to sensitive organizations. Read about them below.
In the new era of audio conferencing, internet enhancement helps make for more productive meetings, through the use of features that manage group interactions. These same components can double as security elements, particularly when you are Securing Access to a conference room. Two examples of securing access are setting Conference Parameters and utilizing Access Mode Features.
As a few more options include using specific conference codes or individual access codes to gain access. More on these below, as well.
Securing the access features of a conference room is a critical starting place for all audio conferencing security.
Determining how individuals gain access to your conference rooms is of the utmost importance. To ensure individuals have the appropriate access to your conferences, you need an audio conferencing platform that makes user authentication a significant aspect for conference access. Many of the better platforms offer Contact List or Directory features, which can be used to assign the roles and privileges that will define one’s access to audio conference rooms.
Contact List or Directory: Many audio conferencing platforms use a virtual Contact List or Directory feature to define audio roles and privileges. These features serve two functions: on one side, they act as a virtual repository for your contacts; on the other, they are essential for defining an individual’s access to your room.
Better Contact List or Directory features allow you to create unique identifiers for participants that pre-approve how they can interact in your audio conference rooms. In doing so, you can keep your employee, Joe Shmoe, out of conferences he’s not supposed to attend.
Make sure to discuss with your audio provider what features they have for defining roles and privileges, and how to access these options. Defining the roles and privileges for your conferences is often the best way to prevent snooping.
There’s an unfortunate but very real fact: Anyone can get a conference phone number. That individual can then sneak into your conference calls. To prevent these potential break-ins, it is important your conference call provider offers Personal Identification Numbers (PINs), Individual Access Codes, and Conference Codes as standard features.
The second role is as a security feature. Audio Rooms can be gated so only IACs can be used to enter. Given IACs are so unique, it limits who can join a call.
Think of IACs as fingerprints. In the same way a fingerprint scanner grants you access to a secured room, an IAC opens the door to a conference call.
Providing conference codes is likely the most crucial step in preparing the security of an audio conference. Using codes helps limit two potential threats: outside conference hackers, and unwanted internal leaks.
To this point, we’ve focused on the security options you should have available for managing the configuration of your audio conferences. But what are the features you need to keep an audio conference secure once it has begun? Here are a few beneficial components:
(One of the industry’s first online visual interfaces was MeetingOne’s Click&Meet. We weren’t kidding about being pioneers. The screenshots below show examples of the Click&Meet interface.)
Although you can mute everyone with dial pad commands, selecting and muting a single person requires an online visual interface. Make sure your audio provider offers such software.
As an example, Click&Meet’s Sub-Conference Rooms feature functions for impromptu apparte. Individuals can be quickly selected by a host and moved into a sub-conference room where they can’t listen in on the conversation.
These five features, among others, help you remove those unwanted participants or the cunning perpetrators who may sneak past the first, second, and third walls of protection.
Can’t remember all that was discussed in your last conference call? With the right audio conferencing provider, call recordings can be easily acquired. Many businesses share their recordings with absent employees, trainees, and partners, so they can be aware of what was discussed during the event. In a more recent development, doctors have been recording sessions with patients, so their conversations can be later accessed by either party. The benefits of recordings are endless.
Minimally, you need to make sure any recordings your audio provider stores for you are protected while at rest, or in transit, using encryption combinations. The best methods layer symmetric and asymmetric encryptions.
With symmetric encryption, a single code is used to encrypt the data of a recording by your audio provider; then that same key is used to decipher the coded data by you. That code word, or “key,” is a secret, shared only with your provider and you for access to a recording.
Asymmetric encryption employs keys in a slightly different manner. With asymmetric encryption, you take advantage of two keys: one public, one private. Being public, one key is shared between anyone who might need it. The private key is yours alone.
Layering encryption in this way increases computational complexity, which means it’s nearly impossible for some hacker to guess the code and steal your recording.
Overall, bundling symmetric and asymmetric methods of encryption is a must for audio conferencing security.
Getting the most out of audio conferencing technology comes when you have the assurance of safety and security. When you can worry less about managing external threats and internal leaks, it gives you the opportunity to focus on the success of your presentations and conferences.
Assessing the security features your audio conferencing provider offers is critical. Over the last few decades, MeetingOne has invested a considerable amount of time and energy into refining its audio conferencing security. Numerous organizations, both public and private, depend upon MeetingOne’s security to facilitate large-scale and daily conference calls.
We love sharing our expertise; ask how we can help ensure your audio conferencing security is up to your industry’s standards! Or check out the overview of our security features.
This blog was originally published in June of 2016; then republished on February 27, 2020.