When you’re hosting a conference call there’s usually a handful of things you’re worried about, the integral part in the Conference Call Security for example:
- “Can you see my screen?”
- “I’m getting lots of echoes, can
everyone be sure and mute.”
- The magic trick of casting your
screen to the conference room TV while not losing the screen on your conference
- “I can’t see your screen, I dialed
- Or the dreaded, yet classic line
to try and save face: “I swear these things work about 30% of the time.” After
dropping the connection on your new client kickoff call…again.
However, there is one aspect of conference
calling that is often overlooked, and that is the security of the service provider. While you don’t often hear about
it, conference calls can be easily compromised and be a huge detriment to your
business and reputation. Imagine this scenario:
Your leadership team is having their weekly
meeting. In this meeting, there’s probably a decent chance that confidential
information is being shared about the company. Now, let’s say you have a
disgruntled employee who is able to access that call, this is known as an internal leak.
Nowaday’s, it’s common for co-workers to be able
to view each other’s calendars so you can find meeting times that work for
everyone. However, you can also see existing meetings, and invite links, on
those calendars as well. A careless overlook of the attendees on that
conference call could allow that disgruntled employee to share any information
shared in that leadership meeting.
Another instance could be if someone outside your organization tried to gain access to a conference line, this is known as call snooping. The same thing could happen in which confidential information from that meeting could be leaked to the public.
I know you’re thinking these are unlikely scenarios, and it probably couldn’t happen to you; but, this exact scenario happened in 2012 when the group Anonymous, hacked into a conference call between the FBI and Scotland Yard. The result of this conference call breach was that details regarding various cyber-crime investigations were leaked to the public.
Hopefully, these examples have inspired you to
take a second look at your conference call protocols and providers. There are
several factors to consider when looking into the security of conference
call services. Use the in-depth checklist below to ask your current
provider, and possibly new providers should you find a need to switch.
Ability to Secure Access
Your conference calling service should provide
you the ability to set up some general parameters for your call. These are not
only helpful in managing meetings but are also great for monitoring security as
well. Some secure access features to look for are:
- Maximum or set number of
- Sub-conference rooms
- Inactive time tracking – track
- Conference locks – locks call at
the start of the meeting
- Host controlled access – the host
lets participants in one-by-one
Role and Privilege Setting
Most conference call providers have some type of
contact list or directory within the platform where you can see who is all on
your call. What’s important, is that you have the ability to manage these
conference attendees. Some basic questions to ask your service provider are:
- How do I access the contact list
or directory within the call?
- Can I remove an individual from
- Do I have the ability to mute
individuals in the call?
- Can I revoke screen sharing access
from an individual in the call?
Access Codes & PINs
In most cases, as long as someone has the
conference line number or URL it can be fairly easy for them to access your
call. Asking your conference call provider about the following access options
can add an extra layer of security to your calls:
Do I have the ability to set a personal identification number (PIN)? A PIN is set up for the host of the call. This ensures that only the
host with the PIN can manage the conference call settings and designate access
to the room.
Am I able to provide conference codes to attendees? These are unique sets of numbers that are given to assigned attendees.
You can have all attendees use the same code, or generate individualized codes.
On-Call Conference Call Security
You should also be asking your conference call
service provider about security measures that are in place for when the call is
in motion. These features also add an extra layer of security to your call once
you have all of the initial parameters in place.
Host dial-out: This gives the host the ability
to manually add attendees to the call, and while it’s a little extra work, if
security is a big concern for a particular call, this is the way to go. Rather
than administer codes beforehand, as the host, you manually dial in all
Meeting roll-call: This feature has the
attendee record their name which will be announced once they enter the call.
This way, you know exactly who is in the room. This can also be used when
attendees leave the call (i.e. “John Smith has left the call”…to probably
Muting: This feature is pretty obvious, but if
you have an attendee who is sharing sensitive information unknowingly, or has a
bunch of background noise you should be able to shut their microphone off.
Move to a different room: If some information
is being shared on a call that one or more attendees should not be hearing, the
host needs to be able to move an attendee to a sub-conference room without
dropping them completely.
Manual disconnect: Let’s say John Smith is
announced as entering the call, and he is definitely not supposed to be there,
you should have the ability to remove him from the conference line.
Encrypted Recordings (Symmetric
The ability to record a conference call is very useful because not only can you reference them later, but they can be used to train new employees and catch-up absent attendees as well. However, it’s nice to know that your recordings are safe too.
You should ask your conference call provider about the Conference Call Security and how the recording is stored and managed. Ideally, they can be stored via Symmetric Encryption or Asymmetric Encryption. The difference is that either one code is sent only to you and the provider (symmetric), or a private and public code is generated to share with attendees (asymmetric).
Ultimately, if you’re paying for a subscription to a conference call service, you should be sure that it’s offerings are not only robust in features that make your calls seamless, but also secure.
Using the provided Conference Call Security checklist, you should determine what security features your current service provides, then make a decision whether or not you need to start vetting other services.