When it comes to web conferencing services, IT and business buyers need to be particularly vigilant of the security risks.
Our chief product officer, Guillaume Vives, recently wrote the article “Web Conferencing: The Most Secure Things in Life Aren’t Free” for UC Today, where he takes a closer look at the top 5 key aspects of web conferencing security to evaluate when selecting providers:
Ensuring that only authorized participants join calls is a major challenge with free audio, video and web conferencing. You can host an encrypted meeting but anybody with the details of the call can join and listen in. Even worse, if people join using the audio-only options, they can listen in without revealing their names or identities.
Lack of authentication poses a serious risk factor. Last October a major aircraft manufacturer came to us after two external audio-only parties listened in on an all-hands meeting that their CEO hosted. Similarly, as we enter the 2020 election campaign, a number of politically engaged organizations have approached us to ensure that opponents, detractors and unauthorized journalists are not able to sneak onto their web conferences – as they have done in the past.
However, you don’t have to work in aerospace or politics for security breaches like this to place your organization and its people in jeopardy. To avoid them at your organization, seek out premium conferencing services that include a full security suite with encryption AND two-factor authentication (two-stage secure login process). Crucially, make sure the system you choose eliminates the common loophole of being able to forward meeting invitations.
Lots of cloud or online services gives you free access without making it clear that they sell all the data they capture on you. This is not just data that reveals your identity, but also who you meet with, for how long, and even how frequently.
At minimum, if your company uses a free service that has granted permission to sell on this type of data, your employees must be made aware of this. For most organizations, this isn’t an acceptable trade-off. Again, look for premium services that explicitly state that they don’t sell your data on to any third parties. Paying for services gives you a lot more leverage in the event of any privacy breach.
The riskiest services are those that provide a single number or call link that anyone use to join without so much having to enter as a password or meeting ID. I’ve heard countless stories about people being on conferences that finished late, where random people from the next meeting have joined and listened in. Monitoring capabilities prevent this from happening.
Monitoring lets administrators watch conferences to see how many people have joined, who they are and crucially, where they are calling from. So, for example, if your employee John Smith appears to be calling from Vietnam and you know he is based in New York, you have the opportunity to remove him from a conference.
Look for systems that provide remote moderation, which is an effective and non-intrusive way to protect the confidentiality of sensitive conversations and documents.
- Publish a BYO clear policy
Well-meaning colleagues might sign up for free calling services under the IT radar in a bid to save money or try something they think will be fun for their teams to use. However, if you take security seriously, you need to publish a clear policy explaining exactly why free, potentially insecure services are not allowed. If you want the policy to stick, explain the risks these systems pose to people’s personal data and privacy, along with the risks to the company.
- Meetings should be ‘safe spaces’
There are plenty of instances where a free software option may be suitable for the individual or organization. Each company will have a different set of policies to mitigate the risk of unwanted code in their network. Other applications have become business critical and customers should be very careful about what is made available to employees.
Collaboration is a functional part of the enterprise that has continued to become more critical to a company’s productivity and culture. Forcing functions like remote employees, cultural diversity and generation gaps weigh heavily on tools that can foster better communication among employees from any location or device.
Ultimately, company meetings should be safe spaces where no personal data or private conversations are compromised. People are gaining greater awareness of the perils of free software, however, it only takes a single security breach on a web conference to create a damaging crisis. By taking the time to rigorously evaluate the security features of your conferencing services, this can easily be averted.
At BlueJeans, security and privacy are of primary importance. You can find out more information about BlueJeans’ security settings in our Trust Center.