Sergey Nivens - Fotolia

Is your Web conferencing service as secure as you think?

In general, Web conferencing service security is tight, but experts warn some gaps could be exposed. Find out what safeguards to put in place to keep your data secure.

Web conferences can be rife with sensitive material like revenue numbers, client information or product launches. With network hacks and security breaches more widespread, could hackers target Web conferencing next? Not necessarily, according to security experts, but there are caveats to consider.

Web conferencing services are "pretty secure," especially since many of them have abandoned Java-based software, said Marcus J. Carey , founder and chief technology officer at vThreat Inc., a cloud-based cyberattack simulator.

"I think Web conferencing is more secure than video conferencing," said Carey, drawing a distinction between the two technologies. "But you can shoot yourself in the foot with anything." Some Web conferencing security risks, however, do lurk.

For instance, hackers could set up vanity URLs, steal static phone and PIN numbers or simply social engineer an organization. According to Carey, many Web conferencing services now have vanity URLs like www.join.me/YourCompany, where a phisher could set up a presentation, impersonate a company and ask for money.

"I think vanity URLs could be exploited," he said. "I see a way for people to masquerade and pretend you're someone else as far as Web conferencing goes." Anyone can sign up for a Web conferencing service and set up a legitimate-looking domain, Carey said.

Carey added that companies should monitor any static dial-in credentials for their conference calls. Often, the call-in and PIN numbers don't change. If a person's email is hacked, the hacker could find those numbers, dial them and eavesdrop on calls.

Web conferencing a less attractive target

Despite some security risks, Web conferencing poses a less significant threat than more common attack targets, said Chris Grayson, a security associate at Bishop Fox, an IT security consulting firm.

"The lion's share of communication in modern organizations is through email," Grayson said. "And meetings are commonly followed by meeting minutes shared via email. Attackers will typically prioritize attacking textual communications over targeting Web conferencing systems."

What's interesting about Web conferencing is there are a lot of touchpoints.
Andy Nilssensenior analyst and partner at Wainhouse Research

But both Carey and Grayson stressed that companies need to keep their Web conferencing software patched and up to date. Grayson added these standard safeguards: Use encrypted protocols, choose mature software that has been developed with an eye toward security and use strong passwords.

Multiple layers of passwords and regular risk assessments are helpful precautions, said Courtney Behrens, senior marketing manager for Web solutions and services at electronics provider Brother International Corp. She said other safety measures include understanding how IT can govern cloud-based services and simply having the ability to turn features like recording on and off.

Building awareness of how employees use conferencing is key

Brother, which offers a cloud-based Web and video conferencing service, recently commissioned Forrester Research to conduct a survey on secure Web conferencing. The study found more than 60% of the organizations surveyed are sharing mission-critical information via Web conferences. More than 40% of the organizations are recording those meetings. Behrens stressed an organization's IT department needs to be aware of how employees are using a Web conferencing system.

Both Behrens and Andy Nilssen, senior analyst and partner at Wainhouse Research, emphasized some industries require more security than others depending on the information being shared. Conference recordings, uploaded presentations or other stored information could all be vulnerable if not secured.

"A Web conferencing facility [where the servers are stored] would be a very interesting way [for hackers] to get information," Nilssen said. "What's interesting about Web conferencing is there are a lot of touchpoints."

Those touchpoints, he said, include user authentication, agenda posting, secure hosting equipment and administrator meeting access. Nilssen said it's critical to select a reputable Web conferencing brand.

Next Steps

Video is a driver for the future of Web conferencing services

Deciding between legacy and startup Web conferencing services

How audio, video and Web conferencing differ

This was last published in February 2015

Dig Deeper on Unified Communications Security

PRO+

Content

Find more PRO+ content and other member only offers, here.

Join the conversation

8 comments

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

Are you concerned about Web conferencing security?
Cancel
I'm always concerned about security. That's why we have a simple, straightforward method of dealing with the issue - if it's truly important data, it doesn't get discussed during web conferences. Yes, that's a little less convenient than we'd like, but some data is worth the trouble of keeping secured.

However, I am hoping that encryption advances to the point where we can discuss sensitive information through web conferencing. It would be nice to stop worrying.
Cancel
Thanks for the feedback jamesz243. Yes, you're right, there's certainly the human/common sense element that needs to be factored in to this topic and many other security topics.
Cancel
Secure web conferencing is especially important to larger enterprises at risk for other types of cyber attacks. I work for PGi and we get asked about the security of our web conferencing solutions all the time. Web conferencing providers take every available measure to keep our software secure. You do make a great point though: it is important to educate users on how to actually use web conferencing in the most secure way possible. Thanks for the insight! I'd be happy to discuss this topic further at any time: tori.barlow@pgi.com
Cancel
Thanks for your feedback, Tori. You're right: Certain enterprises and industries are more at risk than others simply because their data is more sensitive. And yes, the folks I spoke with highlighted the importance of employees knowing how to use the technology securely
Cancel
For secure web conferencing companies require robust software with security features to guard against unauthorized access/exposure. Regular risk assessments should also be carried out.
Cancel
Very well written, Luke. It's imperative to realize that all technology has risks.
Cancel
Thanks, RobinBull. And you're definitely right, david48 -- picking a quality web conferencing brand is vital and almost all sources for this story stressed the importance of regular risk assessments.
Cancel

-ADS BY GOOGLE

SearchMobileComputing

SearchNetworking

SearchTelecom

SearchITChannel

SearchEnterpriseWAN

SearchExchange

Close