As business people, we use conference calls as a means to communicate almost daily; in the U.S., we spend upwards of 55 billion minutes annually (Wainhouse Research, 2010) on conference calls. During these calls, sensitive and confidential information is often shared. And yet, in a survey of business professionals who regularly host conference calls, more than 40% of respondents admitted that they don't always know who's on the line (Zogby, 2012). (It's worth noting that these figures only reflect the number of people who admit to this fact, and that the real number is likely much higher.)
Without knowing who's on the line, conference calls are open to eavesdropping by uninvited guests, especially when many participants are on a call. A high-profile case of this occurred in 2012 when the FBI admitted that hackers listened in on a conference call it had with Scotland Yard and other foreign police agencies about a joint investigation of the hacker group and its allies. Even more surprisingly, the eavesdroppers didn't actually hack into the call. They obtained an email containing the conference call login information.
Despite this, conference call security is typically an afterthought for most users, if they think of it at all. But, what if sensitive details from a conference call about, say, the proposed re-financing of your company's debt, the sale of your company, the acquisition of one of your competitors, the launch of a new product or solution, or the departure of your CEO, fell into the wrong hands? How important is the security of your conference call then?
Today, the default conference call experience is the reservationless model through which users have around-the-clock access to a conference bridge. Call leaders send out calendar invitations, which usually include a slew of dial-in numbers and participant codes, to intended guests. However, anyone with access to these details is able to join the call.
Not knowing who's on and who's speaking not only makes conference calls frustrating, but it also means you don't know for sure whether someone is listening in who shouldn't be.
Think about walking into a meeting room blindfolded and presenting confidential information – you simply wouldn't do that in normal circumstances, so why do it over the phone?
Not knowing who is on your call is a major security risk to which most companies are exposed. Curb your company's risk by watching out for the following six common conference call risk factors , all of which underline the need for visibility on your conference calls, whether you are a participant or a host.
1. Back-to-Back Meetings
If you schedule one meeting immediately after another on the same conference facility, at some point you likely will have participants on the call who shouldn't be there. This could occur because the first meeting runs long, or participants invited to the second meeting join early. Without knowing who might be joining your conference call, this has the potential to be chaotic as you hear '"beeps" signaling unknown users joining and leaving. Worse than this, though, is the security implication of not knowing who's on your call at all times.
2. Recurring Meetings
If you host recurring meetings, anyone with those dial-in details and knowledge of the time of the meeting will be able to join – even if they are no longer supposed to be involved. Additionally, if you have an account with a conference call vendor through your company, you can often do a cursory search within the organization's dashboard and find logins and passwords for any recurring call scheduled through that vendor. Not only can you find non-secure meetings within your organization, you can often find external meetings with other companies – unsafe for anyone trying to conduct a private product demonstration or confidential information transfer.
3. Shared Conferencing Details
Teams sharing a set of dial-in participant codes run the risk of accidentally scheduling conference calls at the same time. This can lead to two sets of participants joining at once or participants invited to one user's call turning up on the line uninvited. The larger number of shared dial-in details, the higher the chance of people turning up on calls to which they're not invited.
4. High Employee Turnover
Organizations with high employee turnover by default have a higher conference call security risk. When employees leave, they might inadvertently keep hold of the participant conference call details for calls they attended in the past. If codes aren't changed frequently, these calls are open indefinitely to eavesdropping from former employees. One damaging example of this would be the salesperson who moves to a competitor, but who continues to listen into the calls to gain customer information with poaching in mind.
5. Third-Party Suppliers or Contractors
Much like with former employees, part-time and contract workers or third-party personnel who spend a short time in the business might still have access to conference codes. As with high employee turnover, recurring use of the same codes compounds this problem. Pair this with back-to-back meetings and reusing your line, and the problem multiplies.
6. Large Number of Participants
Of course, more participants invited to a call means more people with access to the codes and the ability to use them in future. More pertinently, if the call host is relying on the "beeps" to signal participants joining and leaving, keeping track of who is on the line becomes extremely difficult – any unwanted participants may pass unnoticed and can lead to that conferencing classic, "who just left?"
If you identify with several of these risk factors – and you don't have visibility on your calls – then you're at risk of unwanted participants listening in, whether as an innocent mistake or something more threatening. Finding a conferencing solution that lets you know who is on the line is the first step to lowering your risk. This level of visibility, when combined with suitable call controls, should enable a conference leader to isolate the line from anyone unfamiliar, and drop unwanted guests from the call if needed. Investigate collaboration tool providers that offer this level of visibility, but be sure that this visibility is presented in an easy-to-use way, so that you will reap the benefits of this crucial piece of information.
Michael Hughes is co-CEO of LoopUp, provider of SaaS conferencing solutions for remote enterprise meetings.