Web Conferencing: The Most Secure Things in Life Aren’t Free

No company provides free business software out of the sheer goodness of their hearts. They do it for at least one of three reasons: to access your personal data; the opportunity to advertise to you; or to hook you in order to upsell you premium services at a later date. Many of us have learned this lesson the hard way in the world of consumer and social networking software.

None of this is inherently sinister, but when it comes to web conference services, IT and business buyers need to be particularly vigilant of the security risks. There are many players providing free and low-cost services that are very light on security. It only takes one major security breach to expose options in this space for the false economy that they represent.

Let’s take a take a closer look at the three key aspects of web conferencing security to evaluate when selecting providers:

1 – Authentication

Guillaume Vives

Ensuring that only authorised participants join calls is a major challenge with free audio, video and web conferencing. You can host an encrypted meeting but anybody with the details of the call can join and listen in. Even worse, if people join using the audio-only options, they can listen in without revealing their names or identities.

Lack of authentication poses a serious risk factor. Last October a major aircraft manufacturer came to us after two external audio-only parties listened in on an all-hands meeting that their CEO hosted. Similarly, as we enter the 2020 election campaign, a number of politically engaged organisations have approached us to ensure that opponents, detractors and unauthorised journalists are not able to sneak onto their web conferences – as they have done in the past.

However you don’t have to work in aerospace or politics for security breaches like this to place your organisation and its people in jeopardy. To avoid them at your organisation, seek out premium conferencing services that include a full security suite with encryption AND two-factor authentication (two-stage secure login process). Crucially, make sure the system you choose eliminates the common loophole of being able to forward meeting invitations.

2 – Privacy

Lots of cloud or online services gives you free access without making it clear that they sell all the data they capture on you. This is not just data that reveals your identity, but also who you meet with, for how long, and even how frequently.

At minimum, if your company uses a free service that has granted permission to sell on this type of data, your employees must be made aware of this. For most organisations, this isn’t an acceptable trade-off. Again, look for premium services that explicitly state that they don’t sell your data on to any third parties. Paying for services gives you a lot more leverage in the event of any privacy breach.

3 – Monitoring

The riskiest services are those that provide a single number or call link that anyone use to join without so much having to enter as a password or meeting ID. I’ve heard countless stories about people being on conferences that finished late, where random people from the next meeting have joined and listened in. Monitoring capabilities prevent this from happening.

Monitoring lets administrators watch conferences to see how many people have joined, who they are and crucially, where they are calling from. So, for example, if your employee John Smith appears to be calling from Vietnam and you know he is based in New York, you have the opportunity to remove him from a conference.

Look for systems that provide remote moderation, which is an effective and non-intrusive way to protect the confidentiality of sensitive conversations and documents.

Publish a BYO clear policy

Well-meaning colleagues might sign up for free calling services under the IT radar in a bid to save money or try something they think will be fun for their teams to use. However, if you take security seriously, you need to publish a clear policy explaining exactly why free, potentially insecure services are not allowed. If you want the policy to stick, explain the risks these systems pose to people’s personal data and privacy, along with the risks to the company.

Meetings should be ‘safe spaces’

There are plenty of instances where a free software option may be suitable for the individual or organisation. Each company will have a different set of policies to mitigate the risk of unwanted code in their network. Other applications have become business critical and customers should be very careful about what is made available to employees.

Collaboration is a functional part of the enterprise that has continued to become more critical to a company’s productivity and culture. Forcing functions like remote employees, cultural diversity and generation gaps weigh heavily on tools that can foster better communication among employees from any location or device.

The bottom line is that company meetings should be safe spaces where no personal data or private conversations are compromised.  People are gaining greater awareness of the perils of free software, however, it only takes a single security breach on a web conference to create a damaging crisis. By taking the time to rigorously evaluate the security features of your conferencing services, this can easily be averted.

Guest Blog by Guillaume Vives, Chief Product Officer, BlueJeans Network
BlueJeans is the meetings platform for the modern workplace. We bring video, audio and web conferencing together with the collaboration tools people use every day.

Got a comment?