Conference call bridges are not thought of as openings where sensitive data may leak from your organization, but just because you don't think of it doesn't mean it's not happening - anyone with access to dial-in numbers and participant codes is able to join the call. Not knowing who's on means you don't know for sure whether someone is listening in who shouldn't be.
Not knowing who is on your call is a major security risk to which most companies are exposed. A high-profile case of this occurred in 2012 when the FBI admitted that hackers listened in on a conference call it had with Scotland Yard and other foreign police agencies about a joint investigation of the hacker group and its allies. Even more surprisingly, the eavesdroppers didn't actually hack into the call. They obtained an email containing the conference call login information.
If you identify with any of these risk factors – and you don't have the ability to lock your calls – you're at risk of exposing confidential information to unwanted participants listening in.
- Lock a meeting to block new participants from joining
- Validate all participants, including those on audio only
- Validate participants’ endpoint encryption status
- Transport layer security (TLS) protocol prevente eavesdropping and tampering
- Passwords encrypted using Digest-MD5 and SHA256
You schedule one meeting immediately after another on the same conference bridge and you have participants on the call who shouldn't be there. This happens because the first meeting runs long, or participants invited to the second meeting join early.
You host recurring meetings and anyone with those dial-in details and knowledge of the time of the meeting will be able to join – even if their participation is no longer required or more importantly, they are no longer with the company.
When employees leave, they inadvertently keep hold of the participant conference call details for calls they attended in the past. The participant codes aren't changed frequently and these calls are open indefinitely to eavesdropping from former employees.
Vendors and Contractors
Vendors, short term employees/contractors or third-party personnel have access to conference codes for recurring meetings often related to product development, go-to-market strategies, and sales/marketing initiatives.
You share a set of dial-in and participant codes but run the risk of accidentally scheduling calls at the same time leading to two sets of participants joining at once or participants invited to one user's call turning up on the line uninvited.
Large Number of Participants
The host is relying on the "beeps" to signal participants joining and leaving, keeping track of who is on the call becomes extremely difficult, unwanted participants pass unnoticed and leading to that conferencing call classic, "who just left?"
MiCloud Access - Secure Conferencing Made Easy
MiCloudAccess is an easy to use and easy to deploy, cloud conferencing and collaboration solution designed for business use, bringing people together anytime and on virtually any device.
- Connect anywhere on virtually any device
- Simple dial-in model, with both video access and standard phone numbers for audio-only participants
- Collaborate with partners and co-workers using your Virtual Meeting Room (VMR) Scaleable – choose the number of meeting rooms you would like to start with, then add more anytime
- Reservation-less – no scheduling or reservations needed
- Inter-operable – embrace a wide array of productivity tools including Microsoft Lync®, mobile devices, and standards-based (H.323 and SIP) video conference systems
Terms and conditions:
* To receive the free Plantronics Voyager Focus headset (product number PLTX-VOYAGER-FOCUS) you must host 10 meetings on MiCloud Access during the 30-day trial period. Limit one free Plantronics Voyager Focus per company. The free headset will be shipped to US business addresses only. Offer expires August 31, 2016.