5 Web Conferencing Security Best Practices
Security has surpassed performance, cost, and manageability as the top design consideration for any network, communications, or applications project. Taking this into account, enterprises must take five additional steps to secure their web conferences that contain confidential or private information. Let us review.
- Get Rid of the Dial-in Option — Yes, I said it. Standard phone calls don’t offer the level of security that you get in a conferencing or collaboration platform. For example, hackers can spoof phone numbers and voices (see related No Jitter article), and there’s no mutual authentication. Plus, calls don’t offer end-to-end encryption, and a third party can tap into them. Everyone has a smart device these days that can support a web conferencing client, so it’s necessary to be extra careful.
- Don’t Share Highly Confidential or Private Information — The only way to truly secure data is to avoid generating it in the first place. Once a participant shares highly confidential or private information on a web conference call, others can click the print screen button or take a picture of it with their phone. Plus, conference recordings and file shares aren’t always as secure as other enterprise content stores. Many enterprises redact confidential information to keep contact center agents from seeing it, and more should follow suit by incorporating this technology into their conferencing and collaboration platforms.
- Own Your Encryption Keys — End-to-end encryption is a minimum requirement and must-have for secure communication. However, there’s no guarantee of complete security unless the enterprise owns and rotates its encryption keys on every web conference. This way the conferencing vendor cannot access the real-time or recorded content of a session.
- Integrate with the Corporate SIEM — Security incident and event management (SIEM) systems, used as a centralized repository for all logs, enable enterprise IT to identify high-risk events. The challenge is that most communications platforms are not integrated into them, especially when they are cloud-based. Phishing attacks continue to be the primary way for hackers to breach enterprise security, and an increasing number of phishing attacks include real-time communications. Enterprises should talk with their collaboration vendors about how to use APIs to integrate into the corporate SIEM.
- Stop Using Default Settings — Large web conferencing platforms can be highly secure, but the default settings don’t provide high-security controls out of the box. Part of a zero-trust security strategy is to start with the mindset of denying everything and then give users the least-privileged access and functions required for their role.
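
As an added illustration of the SIEM and default-settings points above (not code from the article or from any conferencing vendor), this Python example normalizes conferencing audit events into JSON lines for SIEM ingestion and flags dial-in joins, recordings shared externally, and meetings created with weak settings. The event schema, field names, setting names and the example.com domain are assumptions; a real platform's API will differ.

```python
import json

CORPORATE_DOMAIN = "example.com"  # assumption: the organization's own domain

# Constructed sample audit events. Field names are hypothetical, not a vendor schema.
SAMPLE_EVENTS = [
    {"ts": "2024-05-01T09:00:12Z", "type": "participant_joined", "meeting": "m-1001",
     "user": "alice@example.com", "join_method": "client", "authenticated": True},
    {"ts": "2024-05-01T09:01:40Z", "type": "participant_joined", "meeting": "m-1001",
     "user": None, "join_method": "pstn", "authenticated": False},
    {"ts": "2024-05-01T10:15:03Z", "type": "recording_shared", "meeting": "m-1001",
     "user": "bob@example.com", "recipient_domain": "example.net"},
    {"ts": "2024-05-01T11:30:00Z", "type": "meeting_created", "meeting": "m-1002",
     "user": "carol@example.com", "passcode_required": False, "waiting_room": False},
]

def risk_reasons(event):
    """Return why an event is high risk. Missing fields count as unsafe (deny by default)."""
    kind, reasons = event.get("type"), []
    if kind == "participant_joined":
        if event.get("join_method") == "pstn":
            reasons.append("dial-in join")
        if event.get("authenticated") is not True:
            reasons.append("unauthenticated participant")
    elif kind == "recording_shared":
        if event.get("recipient_domain") != CORPORATE_DOMAIN:
            reasons.append("recording shared outside the organization")
    elif kind == "meeting_created":
        if event.get("passcode_required") is not True:
            reasons.append("no passcode")
        if event.get("waiting_room") is not True:
            reasons.append("no waiting room")
    else:
        reasons.append("unrecognized event type")  # surface it rather than drop it
    return reasons

def to_siem_record(event):
    """Normalize one platform event into a flat record for SIEM ingestion."""
    reasons = risk_reasons(event)
    return {"timestamp": event.get("ts"), "source": "web-conferencing",
            "event_type": event.get("type", "unknown"), "meeting_id": event.get("meeting"),
            "actor": event.get("user") or "unknown",
            "severity": "high" if reasons else "info", "reasons": reasons}

def export_lines(events):
    """Serialize events as newline-delimited JSON, one record per line."""
    return [json.dumps(to_siem_record(e), sort_keys=True) for e in events]

if __name__ == "__main__":
    print("\n".join(export_lines(SAMPLE_EVENTS)))
```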