Thursday, October 30, 2008

When Private Conference Calls Go Public

The New York Times – and others – will listen to your private conference calls... if you let them.

Published in The New York Times this week...
"In point of fact, the dirty little secret of the banking industry is that it has no intention of using the money to make new loans. But this executive was the first insider who’s been indiscreet enough to say it within earshot of a journalist.
(He didn’t mean to, of course, but I obtained the call-in number and listened to a recording.)" ~Joe Nocera, The New York Times (more)

When a corporate eavesdropping detection specialist tells you...
• Give each participant their own – one-time – passcode.
• Distribute conference call numbers and passcodes discretely.
• Do not send them via mass emails.
• Do not let admins post passcodes on their cubicle walls.
• Do advise all participants to keep the codes secret.
• Change the passcodes for reoccurring calls.
• Assign passcode distribution responsibility to one person.
Please listen.
...or, skip the call and buy The Times.

Next steps:
• Consider encryption for the call itself.
• Have the rooms/offices checked for bugs. (Sources: 1, 2)