Tips for Web Conferencing Security

Web conferencing is a powerful way for geographically distributed groups of people to collaborate effectively. Not only does it allow participants to see each other onscreen if desired, it also allows sharing of documents, drawings, spreadsheets and even full motion videos. A picture is worth a thousand words and the ability to share the actual materials that are being discussed in the meeting is extremely effective. It is useful to show participants in onscreen windows because their expressions and gestures give context to their statements which could otherwise be misconstrued. Web conferencing is also commonly used to share desktops in order to demonstrate software for remote viewers, be they customers or colleagues.

The major providers of web conferencing services have done a great job of educating the market of its uses and benefits. We have all seen advertising in major media outlets that explains what web conferencing is. Most people at this point have seen or participated in a webinar or other web conferencing event, and web conferencing has become a standard method of conducting business across all industries.

As significant as the benefits of web conferencing may be, one potential pitfall is that sharing company information in this way could make it accessible by unauthorized parties. The power of web conferencing is realized by sharing information of critical import and by definition that is the information you least want falling into unauthorized hands.

The following steps should be followed in order to prevent critical information from being accessed by the wrong people:

Control access to the web conference

• Invite participants to pre-register for the event. Pre-registration captures data about participants that can be used to verify legitimate participation during the event. Typically pre-registration is accomplished by emailing invitations. When a participant accesses the invitation they are given a link to a secure web page that gathers and stores their identifying data.
• Most web conferencing services are accessible via a secure link along with a user-id and password/conference number combination. These are typically made available to participants once they have pre-registered and can be uploaded into their Outlook calendar for easy reference on the day of the event.

Monitor and manage the event

• The web conference host has an array of monitoring tools at their disposal that are built into the web conferencing product. The host is able to see who has joined the conference, who has left, who has raising their hand, asking questions, etc... It is important for the host to monitor the participants to make sure no unauthorized personnel have found their way onto the conference. The host has the ability to block and eject anyone who is not authorized to be in attendance. Web conferences are done in conjunction with audio conferencing because it is critically important for participants to be able to hear the presenter and each other in addition to seeing the presentation. The audio portion of the conference can be provided through participants' computers via the web conferencing tool or by phone through a separate toll-free audio conferencing service. Either way, the conference host has the ability to mute and/or disconnect unauthorized participants. Audio conferencing services also provide conference host the ability to mute, block and/or eject unauthorized participants from the audio portion of the conference, and to lock the conference once all authorized participants are in attendance. The host needs to manage and monitor both the web and audio portions of the conference in order to maintain appropriate security.

Clean up after the event

• The host should review any post-conference reports that are available from the web conferencing service. These reports provide details of all attendees and can be used to identify unauthorized access to the conference. While it's true that this information is not available until after the conference has completed, it is still better to know there was an unauthorized participant so appropriate administrative and legal action can be taken and steps can be put in place to ensure that does not happen again. Audio conference services also provide post-conference reports and these should be reviewed with the same purpose in mind.
• Once the conference has ended the host should make sure the conference has been closed and all participants are disconnected. For obvious reasons it is not good to leave the session up once the meeting has ended.
• Make sure all company documents and other information have been removed from host servers.

Have you taken steps to prevent critical information from being accessible by unauthorized parties before, during and after a web conference? We'd love to hear your ideas!