Spot On Insurance recently hosted our first virtual conference – or, I should say, tried to host one. The malicious actions of some unintended participants forced us to close down the event and re-schedule. So unfortunate because we and our invited guests were really excited to get together and discuss how we’re all coping with the current disruption. The sad fact is that hackers go where the people are, and right now that’s on virtual conference platforms.
But whenever things go wrong for us, our first response is to try to learn from the experience. We have! But with lots of people relying on virtual conferences during the widespread shelter-in-place, we wanted to share what we learned with you.
Don’t take security for granted.
Even before COVID-19, our team and the team at ILSA used virtual conferences frequently. We interviewed podcast guests, provided demos of service and software solutions to prospective clients, met with clients to discuss particularly complex needs, used it to collaborate with team members and freelancers working from multiple locations, etc. We felt comfortable with the technology and confident that we understood it.
Now, services like Zoom, Skype, GoToMeeting, Join.me, and others are trying to cope with an unprecedented volume of traffic. That high volume is revealing vulnerabilities in their systems that they are working hard to address. But as users, we need to do our part, too.
Virtual conference technology isn’t exactly part of your IT infrastructure, but it needs to be treated as if it is. Our biggest mistake was being too open with our invitation process. (Hey, we want to share our knowledge with as many people as possible!) But just as you wouldn’t post your bank information online or share your network passwords with others, you need to take a cautious approach to sharing conference information.
Start Small and Be Thorough
Another mistake we made was bypassing our normal R & D strategy in our eagerness to implement this new way to connect with our audience. Typically, we take the following steps when creating a new product or service:
- Research the product thoroughly from determining what needs the product will address through the delivery system.
- Test the product and delivery system with a few select clients and get their feedback on the experience.
- Refine the product and delivery process based on that feedback.
- Soft launch with a larger group to ensure the solution is scalable.
- Launch the product to the full audience.
Steps 2 and 3 are sometimes repeated, but overall, that’s our process.
In hosting our second virtual conference, we adhered to these steps. First, we did a LOT of research on how to secure our meeting. Based on that research, we made the meeting by invitation only. Interested parties go to a secure landing page to register for the meeting. Each registrant is carefully vetted.
Twenty-four hours before the meeting, we mail each participant a unique meeting ID and password that won’t be re-used. Upon logging in, each participant goes into a waiting room to be approved before they can join the actual meeting. Security settings for the meeting default to participants not being able to screen share or activate their audio. (We have a chat function so legitimate participants can ask questions and give their feedback in realtime.)
The intent is to create a layered security protocol that dissuades hackers.
Have systems to respond if things DO go wrong.
A key part of any cybersecurity or data security plan is having a system to respond in case something goes wrong. People usually describe this as a plan, but to me, a plan always suggests an “if this happens, we do that” approach. It’s a sad fact that the bad guys have a lot more time to develop their attack strategies (especially these days) than responsible businesspeople have to devote to creating specific responses. Besides, we’ll never be able to anticipate every possible attack.
That’s why we focus on having systems to respond. We have an executive system in place to quickly decide whether the attack is severe enough to terminate the meeting. We have IT systems to block bad actors and prevent them from repeating the same attack at least. We have communication systems to stay in touch with legitimate participants and let them know the next step to take.
Virtual is still the way to work.
For all the growing pains that virtual conference systems are going through, take a moment to think about what our world would be like if we didn’t have this option. Millions of people would have to choose between risking their health and the health of others and feeding their families and keeping their businesses afloat. Friends and families would be even more isolated than they already are.
Yes, we will make some mistakes in using this technology in new ways and on a new scale. But mistakes should always be an opportunity for growth. The upside of this situation is that we’ll come through it with a more sophisticated technology that offers us all more choices – and that serves our global economy and community better than before.
For more tips on how to secure your virtual meetings:
- How to Keep Uninvited Guests Out of Your Zoom Event
- Preventing Eavesdropping and Protecting Privacy on Virtual Meetings, by Jeff Greene
- What It Takes to Run a Great Virtual Meeting, by Bob Frisch and Cary Greene