How to Secure Conference Calls Easily
In a recently leaked conference call, U.S. supermarket chain Whole Foods “slashed” its marketing staff. “Your role will be removed” employees were informed in what can be described as a Human Resources nightmare. Red-faced management at Whole Foods have undoubtedly been asking themselves: “Exactly how secure are our conference calls?”
Due to their convenience and cost-effectiveness, conference call facilities have become an unavoidable facet of corporate life. Such is their commonplace that people rarely consider the grave threat these services pose to corporate security and confidentiality. But as we saw above, its high-time businesses began to ensure secure conference calls. With data security, always be proactive rather than reactive.
In January 2012, the hacker cell ‘Anonymous’ admitted to eavesdropping on a conference call between the FBI, Scotland Yard, and other foreign police agencies. A 16-minute recording of the conversation was subsequently posted online. Even at the very top, they seem to struggle with ensuring secure conference calls.
How at risk am I?
When it comes to security breaches, only large companies and organisations make the headlines. The spin-off effect is that there is an element of naivety among smaller businesses. But smaller operations are just as much at risk as their larger competitors, perhaps even more so.
It is estimated that through 2021, cybercrime will cost approximately €4.8 trillion per year on average. That’s a figure that most of us can barely comprehend. Appropriate measures are slowly being undertaken in larger companies (or at least they should be) but smaller companies with typically lax security measures are at risk now more than ever.
When people envisage cybercrime, the typical image conjured is of hackers typing furiously while staring into a screen of computer code. This Hollywood image is a little misleading, to say the least. In terms of conference calls, all a hacker needs is a dial-in number and a PIN code to eavesdrop and gather potentially sensitive information. Recent research has shown that 78% of conference call users have experienced a stranger on the line, while 34% say they are never sure who exactly is on a call.
“One of the problems with conference calls is that quite often it isn’t immediately clear who is on the line”, says Gavan Doherty, founder and CEO of conference call platform 247meeting. “We get a lot of first-time clients coming to us saying they have had conference calls in the past where suddenly they have heard voices they didn’t recognise.”
When opportunity knocks
Most cases of data theft or breaches in security are opportunistic in nature. A criminal with access to a dial-in and PIN might check the line every now and again to see if a conference call is in progress. They may even record the discussion and use the information for their own benefit. There’s even evidence to suggest that security breaches often derive from competitors trying to steal sensitive information and gain unfair advantages as opposed to the criminal classes.
Human failings are as much to blame as the technological shortcomings. It falls on management to ensure employees comply with security standards in order to protect both their workforce and clients. Sadly, shortcuts are taken everywhere as convenience is favoured over security. Most of you reading this will use the same password for all their digital platforms.
“People can be very slow to change their dial-in access PIN codes”, Doherty explains. “This can offer a way in to unscrupulous third-parties. You might host a conference call with a particular customer or supplier at 10am every Monday, if you don’t change the PIN there is nothing stopping that third party from dialling in at that time to listen in to your conversation. If they have masked their caller ID, you would have no way of knowing who is listening in.”
Another major risk for companies is a lack of GDPR compliance. Since May 2018, if management or anyone is discussing the personal details of a staff member and an unauthorised listener joins the call, or unwittingly disclose sensitive information to unauthorised third-parties, they risk having to pay fines up to 4% of their global turnover.
So what are the solutions?
- We recommend working with a platform that allows for dialling-out conference calls as opposed to the traditional dialling-in method. This means putting the host in control of the call and no one can dial-in without consent.
- Utilise a platform that shows you exactly who is on the call. To ensure confidentiality, you can’t take it for granted how many people are on your conference call.
- If you use PIN codes, be sure to change them on a regular basis. Use a platform that allows for “disposable” or “once-off” PINs.
- Turn on the features like Roll Call and Name Announcements so you can identify everyone on the line.
- Never share any personal PIN codes or passwords.
- Avoid using the same password on every platform.
Our 247meeting Mobile app is a one-stop shop for everything listed above ensuring both secure conference calls and convenience! With our app, there’s no dialling-in with PIN codes etc., the host simply selects who they wish to include on the call and dials-out as if it were a normal phone call. The host can then clearly see on-screen who’s on the call, thus removing the potential for any unauthorised eavesdroppers.
247meeting provides other security features like ‘disposable conference calls’ that make use of ‘once-off’ PIN codes; A Secure Name Record that rejects any callers who do not state their name; as well as a Roll Call which informs you of how many people are on the call and their names.