Web Conferencing Security Tips
Protecting your confidential data during a Web conference requires vigilance on multiple fronts before, during and after the meeting. A research report on Web conferences in 2003 identified three overarching goals in assuring Web conferencing security:
- Take ownership
- Comply with standards
- Secure the environment
Here are some more specific tips on how to hold a secure Web conference. They fall under three categories:
- Entrance Requirements
- Information Access
- Data Protection and Storage
Before your conference begins, you need to make sure that only the people you want to attend are able to attend. It's important not to publish meeting titles or otherwise publicize your conference, so as not to tip off hostile parties that the conference is happening. Here are some other tips on entrance requirements:
- Send e-mail invitations over a secure e-mail server to make sure they're not intercepted. Secure invitations are your first line of defense against unwanted intrusions
- Maintain a strict policy regarding passwords for entrance into the conference. Most Web conferencing services allow you to require two separate passwords for especially confidential meetings.
- Limit password authentication attempts to stymie would-be hackers.
- Authenticate both voice and Web access to the meeting.
Not all the information presented during your conference needs to be made available at all times, nor to all parties. Before the conference begins, your company should agree what information is confidential and what information isn't. Here are tips on handling information access:
- Assign different participants different access levels based on their need-to-know status, agreed on before the meeting.
- Don't make all the information available at once; release access to information at different points in the meeting.
- Don't pass information via an instant-messenger service.
- Don't allow video recording of the conference.
Data Protection and Storage
Your data is the lifeblood of your company and needs to be protected at every stage of the Web conferencing process. If you're using an outside hosting service, make sure that the vendor's security policy is in line with your company's needs.
Hosting the conference on your own server is ideal, but not always possible. As the number of vendors offering Web conferencing services has increased, they have begun to make security a priority. Here are some ways to protect your data:
- Comply with corporate standards for Web conferencing. Over time, such compliance strengthens meeting security. Look to XCON for these standards.
- Use the highest level of encryption possible for your data.
- If you're using a third party service as a host, avoid placing confidential data onto their server.
- If you must place confidential data onto a third-party server, delete it immediately after the meeting.
Turn to the next page to learn about third-party audits.