When you’re hosting a conference call there’s usually a handful of things you’re worried about, the integral part in the Conference Call Security for example:
However, there is one aspect of conference calling that is often overlooked, and that is the security of the service provider. While you don’t often hear about it, conference calls can be easily compromised and be a huge detriment to your business and reputation. Imagine this scenario:
Your leadership team is having their weekly meeting. In this meeting, there’s probably a decent chance that confidential information is being shared about the company. Now, let’s say you have a disgruntled employee who is able to access that call, this is known as an internal leak.
Nowaday’s, it’s common for co-workers to be able to view each other’s calendars so you can find meeting times that work for everyone. However, you can also see existing meetings, and invite links, on those calendars as well. A careless overlook of the attendees on that conference call could allow that disgruntled employee to share any information shared in that leadership meeting.
Another instance could be if someone outside your organization tried to gain access to a conference line, this is known as call snooping. The same thing could happen in which confidential information from that meeting could be leaked to the public.
I know you’re thinking these are unlikely scenarios, and it probably couldn’t happen to you; but, this exact scenario happened in 2012 when the group Anonymous, hacked into a conference call between the FBI and Scotland Yard. The result of this conference call breach was that details regarding various cyber-crime investigations were leaked to the public.
Hopefully, these examples have inspired you to take a second look at your conference call protocols and providers. There are several factors to consider when looking into the security of conference call services. Use the in-depth checklist below to ask your current provider, and possibly new providers should you find a need to switch.
Your conference calling service should provide you the ability to set up some general parameters for your call. These are not only helpful in managing meetings but are also great for monitoring security as well. Some secure access features to look for are:
Most conference call providers have some type of contact list or directory within the platform where you can see who is all on your call. What’s important, is that you have the ability to manage these conference attendees. Some basic questions to ask your service provider are:
In most cases, as long as someone has the conference line number or URL it can be fairly easy for them to access your call. Asking your conference call provider about the following access options can add an extra layer of security to your calls:
You should also be asking your conference call service provider about security measures that are in place for when the call is in motion. These features also add an extra layer of security to your call once you have all of the initial parameters in place.
The ability to record a conference call is very useful because not only can you reference them later, but they can be used to train new employees and catch-up absent attendees as well. However, it’s nice to know that your recordings are safe too.
You should ask your conference call provider about the Conference Call Security and how the recording is stored and managed. Ideally, they can be stored via Symmetric Encryption or Asymmetric Encryption. The difference is that either one code is sent only to you and the provider (symmetric), or a private and public code is generated to share with attendees (asymmetric).
Ultimately, if you’re paying for a subscription to a conference call service, you should be sure that it’s offerings are not only robust in features that make your calls seamless, but also secure.
Using the provided Conference Call Security checklist, you should determine what security features your current service provides, then make a decision whether or not you need to start vetting other services.
The Evasive Panda group deployed a new C# framework named CloudScout to target a Taiwanese…
Researchers warn of ongoing spear-phishing attacks by Russian threat actor Midnight Blizzard targeting individuals in…
The Ukrainian Cyber Emergency Response Team discovered a targeted phishing campaign launched by UAC-0215 against…
Researchers have identified a network of compromised devices, CovertNetwork-1658, used by Chinese threat actors to…
A security researcher discovered a vulnerability in Windows theme files in the previous year, which…
The ongoing Meta malvertising campaign, active for over a month, employs an evolving strategy to…