Conference calls are an everyday activity, with sensitive information frequently shared on them. Despite this, conference call security is typically not given much thought. And yet, in a survey of business professionals who regularly host conference calls, over 40% of respondents admitted that they don’t always know who is on the line (Source: Zogby, 2012). It’s worth noting that these figures only reflect the number of people who admit to this fact; the number is likely much higher.
If you’re one of the many who have conference calls without always knowing who’s on, then you’re unwittingly exposing yourself to unnecessary business risk. Read on to discover why visibility is crucial to conference call security.
A typical conference call without visibility
Today, the default conference call experience is the ‘reservationless’ model, where users have access to a conferencing bridge that is available to them 24/7. Generally call leaders send out conference invitations to participants, which usually include dial-in numbers and a participant code. Anyone with access to these details is able to join the call in question. Without some form of visibility, the conference call will be a rather black box experience as people join conference calls without knowing exactly who else is on the call. This is the source of the familiar conference call refrain: a ‘badoop’ followed by “who just joined?” It’s not always clear what these sounds relate to – it could be someone joining or someone leaving – or, more importantly, who they relate to. Not knowing who’s on and who’s speaking makes conference calls frustrating, but it also means they’re not secure as you don’t know for sure whether someone is listening in who shouldn’t be there.
This is the equivalent of walking into a meeting room blindfolded and presenting confidential information – you simply wouldn’t do that in normal circumstances, so why do it over the phone?
A high-profile example
One notable case of conference call snooping took place in February 2012: members of the hacking group ‘Anonymous’ intercepted emails containing the dial-in details for a recurring conference call between the FBI and Scotland Yard, to discuss an international cybercrime investigation. The hackers dialed in to the FBI and Scotland Yard call undetected, recorded it and then uploaded the recordings online. In doing so, they exposed the security breach that had taken place. Because of the lack of visibility on these calls, the conference call crashers could have continued to join these recurring meetings without the other participants knowing, had they not chosen to reveal themselves.
This shows that even extremely security-conscious organizations are vulnerable to this risk, but the same rule applies to anyone without conference call visibility. A common example is the case of back-to-back meetings. If you schedule one meeting immediately after another on the same line, there’s a strong chance that at some point you’ll have participants on the line who shouldn’t be there – and without visibility, you won’t know about it.
What does visibility mean?
It’s clear that visibility is essential for secure conference calls, but what does it actually entail? For a start, it should allow everyone – or, at least, the call leader – to see who joins and leaves a call in real-time, without needing to interrupt the meeting to ask ‘Who just joined?’
Visibility on its own isn’t enough, though; a premium should be placed on services that are easy to use, because if it isn’t easy to use, it won’t get used, and therefore you won’t actually realize the value of this visibility.
So, the answer is to find a solution that employs technology but presents this in a naturally discoverable way so that users are led towards this information. Look for solutions that are designed to be effortless with no training required upon setup and no IT support needed to get the benefits. Solutions that utilize an intuitive approach can thus ensure that you know who’s on the call (and who’s not supposed to be).
