Secure Web Conferencing
By Bob Van Hoof
Experts warn some security gaps could be expose your web conferencing data – learn how TACLAN Connect keeps your data secure.
Web conferencing services are “pretty secure,” especially since many of them have abandoned Java-based software, said Marcus J. Carey, founder and chief technology officer at vThreat Inc., a cloud-based cyberattack simulator.
Hackers could set up vanity URLs, steal static phone and PIN numbers or simply social engineer an organization. According to Carey, many Web conferencing services now have vanity URLs like www.join.me/YourCompany, where a phisher could set up a presentation, impersonate a company and ask for money.” I think vanity URLs could be exploited,” he said. “I see a way for people to masquerade and pretend you’re someone else as far as Web conferencing goes.” Anyone can sign up for a Web conferencing service and set up a legitimate-looking domain, Carey said.
Carey added that companies should monitor any static dial-in credentials for their conference calls. Often, the call-in and PIN numbers don’t change. If a person’s email is hacked, the hacker could find those numbers, dial them and eavesdrop on calls.
Web conferencing a less attractive target
Despite some security risks, Web conferencing poses a less significant threat than more common attack targets, said Chris Grayson, a security associate at Bishop Fox, an IT security consulting firm.
“The lion’s share of communication in modern organizations is through email,” Grayson said. “And meetings are commonly followed by meeting minutes shared via email. Attackers will typically prioritize attacking textual communications over targeting Web conferencing systems.”
But both Carey and Grayson stressed that companies need to keep their Web conferencing software patched and up to date. Grayson added these standard safeguards: Use encrypted protocols, choose mature software that has been developed with an eye toward security and use strong passwords. Multiple layers of passwords and regular risk assessments are helpful precautions, said Courtney Behrens, senior marketing manager for Web solutions and services at electronics provider Brother International Corp. She said other safety measures include understanding how IT can govern cloud-based services and simply having the ability to turn features like recording on and off.
TACLAN Connect Safeguards
We have been hosting and repairing customer’s conferencing solutions for over 16 years. When we decided to build our own solution we wanted two key elements security and inexpensive customer cost. The TACLAN Connect solution begins with a layered security approach. First of all we use a Verisign SSL certificate – these have proven to be reliable and strong. Next, we built our application to also encrypt the stream of data being passed between meeting participants using the Advanced Encryption Standard (AES). In addition to these security settings, administrators can lock down events so that a pre-registration and password are needed to attend the meeting.
Lastly, we decided that the storage of customer data on conferencing systems for long periods of time created a two-fold problem. First, the customer’s private information was sitting unattended on a server which could be exposed by their own employees mishandling of web meeting settings. An example would be creating an event as an “open” meeting instead of using registration and a password protection.
Secondly, the cost of storing unattended “stale” content can grow out of control. Many large clients allow their instructors to store years of data in the web conferencing system without a managed review period. The TACLAN Connect system is offered at less cost without overage changes for content storage because we do not store the content. Once the meeting ends the content is gone. Recording of sessions are immediately stored on the instructors computer for their use and internal distribution.
Robert Van Hoof is the CEO of Strategic Vision, Inc. He has developed technology-based training programs for multiple U.S. government departments and Fortune 500 companies, which include U.S. Army, U.S. Department of Homeland Security, U.S. Department of the Interior, United Technologies, Pratt and Whitney Rocketdyne and Duke Energy.
Mr. Van Hoof can be reached at email@example.com.
Thanks to: Luke O’Neill – Site Editor of techtarget.com for a portion of this article.