It’s a valid question, especially with increasing focus on online security. Both organisers and attendees want to know whether their details and information are safe from unauthorised access. With an ever increasing number of new software vendors entering the market, questions arise over their levels of security. Are new vendors more likely to be secure, or are they less likely to adhere to strict security standards? In this post, we will specifically look at webinars and what options you have to secure them.
With webinars being an increasingly common sight, most of us will have attended a webinar at some point in our careers. Even if you haven’t, you will be (at least a little) aware of what webinars are. You will know that webinars take place online and that they usually require attendees to register in order to view them.
Any registration poses a potential security risk, as you pass your details to the vendor. As the webinar organiser, you will want to reassure your audience that registration is secure. In equal measure, you will want to ensure that the content remains safe and only visible to those who you want to give access to.
Let’s start with the latter.
Keeping your webinar content safe from unauthorised access
There are a variety of reasons for wanting to ensure your webinar content is secured and only accessible by approved individuals. For example, internal or employee communications, internal training, and account-specific customer communications are common examples of webinars that should rely on added access security.
Simply publishing a webinar and sharing the URL only with trusted persons is not sufficient. URLs can be passed on and registration pages can be found. You will need to add a layer of security to avoid unintended and unauthorised access. Below are some options:
It’s as simple as it sounds. The webinar organiser defines a password for the webinar by setting it on the platform’s backend and provides the password to the intended attendees. Registrants can only enter the webinar by entering the password alongside the other user registration details such as name, email address etc.
Compared to unsecured webinars, this option requires additional steps by the organiser to distribute the password and ensure the recipients have received it. It may also require organisers to be available ahead of the webinar for any attendees who may have forgotten the password. Clear “Contact us” details and instructions should be available from the login page to avoid delays and frustration on the user side.
This security option allows webinar organisers to define one or more email domain name(s) to be permitted or blocked from entering any given webinar. This option works well, if you’d like to exclude registrations from a competitor’s domain name or non-commercial email domains (e.g. gmail.com, hotmail.com etc).
You can also use this option to only allow registrations from your own company’s email domain name, while blocking all others. You can increase security of this option by not making the webinar URL public. You can further increase the security of this option by adding the password protection option. By itself, domain filtering does not prevent users from entering fake email addresses and entering the webinar in that way. Therefore, our recommendation is to use a combination of settings as described, or opt for the next option below.
This security option is mostly used for internal communications and provides very high levels of security. With this option the webinar organiser requires all registrants to access your webcast from a link on a webpage residing within the assigned HTTP referrer location. For example: http://www.your-domain.com or http://www.your-domain.com/sub-domain.
For secure internal communications, the webinar link can be made available from a location on the internal network. Audience members can only access the webinar, if they click on this link, which only employees can access due to the fact it is located on the internal network.
Even if the link is copied and sent to someone externally, the webinar does not load as the attempt to access it did not come from within the assigned HTTP referrer location.
Manual upload and lock-down
For those who want to lock down their external webinars, can do so with a manual attendee list upload and registration lock down. But this comes at a high user-experience cost. Webinar organisers can manually upload a list of designated registrants into the webinar platform’s backend. The frontend is then locked down to not providing a registration form at all. Pre-registered users can access the webinar via a login-only page.
It is questionable whether this is appropriate for external webinars due to its highly restrictive nature, but there are various scenarios where this option is applicable. If you’re unsure, get in touch with us.
Keeping user information safe
With the new General Data Protection Regulation (GDPR) looming and the increased focus on cyber security, webinar providers are amongst those companies who need to be clear on security. Part of any due diligence should be a conversation about how user registration data is transferred and stored.
The data flow will invariably touch more than just one vendor and tool. The webinar vendor is the obvious starting point, but other touchpoints in the supply chain include the marketing automation tool and the CRM system, both of which are used to transfer user data. The webinar vendor may be the final or original place of storage, but if it doesn’t own its own data centres, you also need to consider where data is stored and backed up to (i.e. hosting providers).
Customers should be able to obtain detailed reassurances about the adherence to data protection laws. Vendors who don’t or can’t provide assurances should be questioned about their reasons not to. As a buyer, you will ultimately need to decide which vendor provides the appropriate level of assurance to consider for purchase.
Under data protection laws like the GDPR, different rules apply to so-called data processors and data controllers. If you are unfamiliar with these terms and rules, you should know and adhere to them by 2018 when the GDPR comes into effect. Contravention carried potentially significant fines.
Be reassured, however, that as a webinar organiser you can opt for leading and established vendors and rest in the knowledge that 1000s of enterprise clients have done their own due diligence on these providers. There should be no reason not to run webinars based on security concerns about the vendor’s infrastructure. While this does not absolve buyers from doing their own due diligence, it just points towards the need for awareness and perhaps increased due diligence for new or smaller vendors.
As a rule of thumb, external webinars don’t require access restrictions, because webinar organisers will want to encourage extensive registration and attendance. Marketers will, however, want to ensure their webinars are gated by providing a registration form. Gathering registrant and attendee information in this way is the first step towards better lead generation.
Access security is more important for internal and customer communications. Different levels of security exist to secure access to the webinar. Similar to securing a property, you can secure against opportunist access or extend it provide high-level security for pre-meditated and malicious attempts to access your webinar content. Your starting point should be a conversation with your webinar provider about which options they provide and what these protect against. Some conversations or decisions may require input from your own IT team, others can be handled by the business user / webinar organiser.
Ultimately, webinar organisers must decide on a balance between security and user-experience. User friendliness is the key to webinar attendance, both for internal and external webinars. Any restriction should be in line with the nature and goal of the webinar.