Sergey Nivens - Fotolia
Web conferences can be rife with sensitive material like revenue numbers, client information or product launches. With network hacks and security breaches more widespread, could hackers target Web conferencing next? Not necessarily, according to security experts, but there are caveats to consider.
Web conferencing services are "pretty secure," especially since many of them have abandoned Java-based software, said Marcus J. Carey , founder and chief technology officer at vThreat Inc., a cloud-based cyberattack simulator.
"I think Web conferencing is more secure than video conferencing," said Carey, drawing a distinction between the two technologies. "But you can shoot yourself in the foot with anything." Some Web conferencing security risks, however, do lurk.
For instance, hackers could set up vanity URLs, steal static phone and PIN numbers or simply social engineer an organization. According to Carey, many Web conferencing services now have vanity URLs like www.join.me/YourCompany, where a phisher could set up a presentation, impersonate a company and ask for money.
"I think vanity URLs could be exploited," he said. "I see a way for people to masquerade and pretend you're someone else as far as Web conferencing goes." Anyone can sign up for a Web conferencing service and set up a legitimate-looking domain, Carey said.
Carey added that companies should monitor any static dial-in credentials for their conference calls. Often, the call-in and PIN numbers don't change. If a person's email is hacked, the hacker could find those numbers, dial them and eavesdrop on calls.
Web conferencing a less attractive target
"The lion's share of communication in modern organizations is through email," Grayson said. "And meetings are commonly followed by meeting minutes shared via email. Attackers will typically prioritize attacking textual communications over targeting Web conferencing systems."
Andy Nilssensenior analyst and partner at Wainhouse Research
But both Carey and Grayson stressed that companies need to keep their Web conferencing software patched and up to date. Grayson added these standard safeguards: Use encrypted protocols, choose mature software that has been developed with an eye toward security and use strong passwords.
Multiple layers of passwords and regular risk assessments are helpful precautions, said Courtney Behrens, senior marketing manager for Web solutions and services at electronics provider Brother International Corp. She said other safety measures include understanding how IT can govern cloud-based services and simply having the ability to turn features like recording on and off.
Building awareness of how employees use conferencing is key
Brother, which offers a cloud-based Web and video conferencing service, recently commissioned Forrester Research to conduct a survey on secure Web conferencing. The study found more than 60% of the organizations surveyed are sharing mission-critical information via Web conferences. More than 40% of the organizations are recording those meetings. Behrens stressed an organization's IT department needs to be aware of how employees are using a Web conferencing system.
Both Behrens and Andy Nilssen, senior analyst and partner at Wainhouse Research, emphasized some industries require more security than others depending on the information being shared. Conference recordings, uploaded presentations or other stored information could all be vulnerable if not secured.
"A Web conferencing facility [where the servers are stored] would be a very interesting way [for hackers] to get information," Nilssen said. "What's interesting about Web conferencing is there are a lot of touchpoints."
Those touchpoints, he said, include user authentication, agenda posting, secure hosting equipment and administrator meeting access. Nilssen said it's critical to select a reputable Web conferencing brand.
Video is a driver for the future of Web conferencing services
Deciding between legacy and startup Web conferencing services
How audio, video and Web conferencing differ