Conference Calls Exposed: The Forgotten Hole in Your Information Security

Introduction

Organizations are increasingly reliant on technology, and information security has become a critical issue. A recent Forbes article projected that cybercrimes will cost businesses over $2 trillion in 2019 and according to Cybersecurity Ventures, global cybersecurity spending will increase by 12-15% per year until 2021. This increased spending is driven by a number of factors, including the need to protect sensitive data, comply with regulatory requirements and reduce the number of security breaches. But despite the ever-increasing attention paid to security, there is one area that remains notably absent from the list of security priorities – conference calls and remote meetings.

Malicious actors or accidental breaches? Determining the motives

Although attacks on bigger companies are the ones that make the headlines, organizations of all shapes and sizes are vulnerable to conference call security breaches – particularly when security habits are lax. As with many aspects of security, conference call threats fall into two categories: the malicious and the unintentional.

Malicious actors can include professional phishers, disgruntled former employees or competitors. These perpetrators see rich pickings in the sensitive content of many business calls and could use the opportunity to gather information for competitive advantage, fraud or blackmail. Incidents are rare, but the consequences can be catastrophic.

More common are the non-malicious, accidental breaches. These include situations where the host has scheduled back-to-back meetings and a guest inadvertently gatecrashes a confidential conversation, or when someone simply gets the day or time of the meeting wrong. While the outcome may be embarrassment rather than material loss, the reputational risk is significant, particularly when clients are involved.

Even the FBI and Scotland Yard have fallen victim

In recent years, there have been some high-profile conference call security breaches. In 2012, the FBI admitted hosting a conference call with Scotland Yard (the UK’s Metropolitan Police headquarters) while investigating the hacker group ‘Anonymous’, only to find that the hackers themselves were on the call. They simply obtained an email containing the dial-in details. Many people share confidential information on conference calls without considering the risk associated with using technology to communicate. You don’t need high-tech equipment or specialist knowledge to join a dial-in meeting you weren’t invited to – just the access code.

Dial-in – the ‘black box’ of conference calling

In a recent survey by Sapio, over 50% of conference callers admitted hosting remote meetings where they were unsure exactly who was on the call. Even more alarmingly, 70% reported that it is quite normal to discuss confidential information on these calls. The underlying cause of this lack of visibility is the joining method – dialing in with a number and access code.

Despite decades of innovation, more than 60% of participants still dial in to remote meetings rather than using software to join. Why are people still dialling-in to their calls? Dial-in can be frustrating, but it’s the familiar, easy option that people default to. However, when participants dial-in, every call is essentially a ‘black box’ – there’s no way of knowing exactly who’s on the call.

This security challenge is compounded by ‘reservationless’ conferencing which gives meeting hosts their own reusable access codes that are shared widely with colleagues, clients, vendors and the like. These numbers and codes are used time and again, often for years without being changed, and often end up in many different hands.

So, how do you address security on conference calls?

Training is an obvious non-starter. Most professionals don’t have the time or patience to attend training on how to host secure conference calls. What about adding a roll-call? Many conferencing services offer this capability, but there are two issues. First, it’s painful. Calls are interrupted every time someone joins or leaves. Second, it just doesn’t work in the case of the malicious actor. An unwelcome guest would simply not record their name. Then what?

The most effective way to address conference call security is to use a remote meeting solution that shows exactly who is on the call at all times. More progressive meeting solutions offer this level of visibility. By clicking on a link in a meeting invite to join a call, the identity of the participant is visible to the host on a meeting dashboard and the threat of unexpected guests is resolved.

Conclusion

Conference calls have become an important part of day-to-day business life. Organizations around the world rely on remote meetings to stay connected and communicate effectively, especially when in-person meetings aren’t possible. With so much focus on cybersecurity, it’s easy for organizations to forget about the sensitive information being shared in meetings. Dial-in conference calls are inherently vulnerable, and working towards a world where dial-in diminishes – and one day disappears – will finally make remote meetings secure.

Key insights from this whitepaper:

  • Cybercrimes will cost businesses over $2 trillion in 2019 and global cybersecurity spending will increase by 12-15% per year until 2021
  • Conference calls are often absent from security priorities
  • All organizations are vulnerable to conference call security breaches – even the FBI and Scotland Yard
  • The biggest security risk on conference calls is unexpected guests
  • More than 50% of conference callers have hosted remote meetings where they were unsure exactly who was on the call
  • Despite decades of innovation, more than 60% of participants still dial in to remote meetings, rather than using software to join
  • To guarantee conference call security, it is critical that firms move away from dial-in to a more secure joining method

Want to know more?

Security isn’t the only concern with dial-in conferencing. Read Steve Flavell’s latest interview with Briefing magazine as he discusses the classic frustrations with traditional audio conferencing and how businesses are moving away from dial-in to alternative solutions.

If you would like to find out more about how LoopUp works and how you can benefit from our remote meeting solution, we would love to speak to you! Please send us a brief message and we will be in touch with you shortly.

About LoopUp

LoopUp is a premium remote meetings solution for better, more productive conference calls. For too long, businesses had to choose between the potential of web conferencing software and the simplicity and reliability of traditional audio conferencing. LoopUp combines both, transforming the way that businesses communicate. Over 2,000 organisations around the world trust LoopUp with their important remote meetings, from multinationals like TravelexKia Motors, Planet Hollywood, and National Geographic to fast-growing SMEs, professional services firms and public sector organizations.

Register for Europe’s leading legal tech expo!