Protecting you and your data: OfficeSuite HD Meeting security and privacy

by Scott Yelton
April 17, 2020

Windstream Enterprise (WE) takes the security of our network and customer data very seriously. With the rapid shift to remote workers and telepresence, our businesses, healthcare providers, educational systems and government entities now rely even more on OfficeSuite HD Meeting® for business continuity. We want to educate our customers on the steps we have taken to protect their networks, as well as additional tools available for their use.

The OfficeSuite HD Meeting solution comes with built-in security at both the platform and web services levels to protect your meeting environment. OfficeSuite HD Meeting web services reside in redundant Amazon Web Services (AWS) environments to isolate your data from other computing resources. Additionally, WE privacy policies protect data that traverses the cloud through multiple mechanisms, including AES-256 encryption and private MPLS network connections to AWS. Windstream Enterprise also provides a full suite of security tools that can be configured at the customer level to enable compliance and create secure meeting environments.

OfficeSuite HD Meeting Security

Primary security components in OfficeSuite HD Meeting

Third-party authentication: OfficeSuite HD Meeting users cannot log in with third-party credentials (e.g. Facebook, Twitter or LinkedIn). Therefore, there is no possibility of a data breach between OfficeSuite HD Meeting and these third parties.

Encryption: AES-256 ECB encryption is generated by our system and can be enabled at the account or host level. With encryption turned on, meetings accessed through HD Meeting desktop clients and mobile apps will be encrypted in transit. As dial-in callers move through the telephony gateway, the gateway servers encode and encrypt the audio.

HIPAA compliance: We enable HIPAA compliance; we can sign Business Associate Agreements with healthcare customers and disable key features to enable compliance.

Domestic U.S. data routing: OfficeSuite HD Meeting has its own fully redundant dedicated environment in the U.S. OfficeSuite HD Meeting has no tie to any foreign-based servers.

Customer data privacy: OfficeSuite HD Meeting falls under our Privacy Policy. Windstream Enterprise does not sell customer data. 

Meeting passwords: For a more secure meeting, passwords can be enabled at the account or host level.

Video camera control: By default, the video camera option is turned off. It can be turned on when entering a meeting. Participants can turn their video on if they choose.

Web client behavior: By default, all accounts will have the web client behavior feature disabled. If there is a need to have participants join via the web, this feature can be enabled at the account or user level.    

File transfer: By default, file transfer within meeting chat is turned off. It can be enabled at the account or user level.

Malware installers: Windstream Enterprise has its own domain (meeting.windstream.com). We have an automated process that downloads the software to a computer upon license activation. Apps can be downloaded at meeting.windstream.com/download.

Important tips to prevent meeting bombing

While there have been no reports of any OfficeSuite HD Meeting break-ins, here are some best practices that hosts can use to prevent unwanted meeting guests:

  • Set “Meeting Password” when scheduling meetings
  • Disable “Join Before Host” so attendees can’t enter the meeting before the host
  • Enable “Co-Host” so you can assign others to help moderate
  • Disable “File Transfer” and use a cloud sharing platform such as OneDrive or Dropbox
  • Disable “Allow Removed Participants to Rejoin” so booted attendees can’t sneak back in
  • Enable “Waiting Room” to see who is trying to enter; the host can control entrance
  • “Lock Meeting” so no other attendees can join
  • Use a randomized meeting ID and only share details with attendees

Windstream Enterprise will continue to focus on monitoring for new security threats and respond swiftly to mitigate these threats if they arise.