
We have a customer who has been nagging us to remove the PIN from their conference lines. They are getting more insistent. We've said no, for the obvious security reasons, and explained them all clearly. On top of it, this is a medical-related company having sensitive conversations on conferences. They keep pushing us. What would you do? On the one hand I think we have no liability in the matter, but on the other, we're more of a consulting ITSP than just a generic service provider. We specialize in helping people not do stupid things with their phone system. There's also the matter of just eating up a bunch of channels by people using it as their own conference.

Hi Carlos,
Check out ZipDX - they have a patented identity based conferencing that eliminates the need for pins by calling out to the meeting attendees. The system is used primarily for sensitive calls - investors, market research, executives and was developed to stop the inconveniences of pins and unsecured conference calls.
Can be customized to needs and they've also got a partner program.
You can learn more here: www.ZipDX.info or I'd be happy to put you in touch with someone there.
Garrett
*Garrett Smith* Founder
*Pitch + Pivot, LLC* Website: PitchPivot.com Email: garrett at pitchpivot.com Office: 716-322-3101 Cell: 716-903-9495 LinkedIn: /in/garrettsmith <http://www.linkedin.com/in/garrettsmith> Twitter: @garrettsmith <http://www.twitter.com/garrettsmith>
On Thu, Jun 2, 2016 at 2:54 PM, Carlos Alvarez <caalvarez at gmail.com> wrote:
> We have a customer who has been nagging us to remove the PIN from their conference lines. They are getting more insistent. We've said no, for the obvious security reasons, and explained them all clearly. On top of it, this is a medical-related company having sensitive conversations on conferences. They keep pushing us. What would you do? On the one hand I think we have no liability in the matter, but on the other, we're more of a consulting ITSP than just a generic service provider. We specialize in helping people not do stupid things with their phone system. There's also the matter of just eating up a bunch of channels by people using it as their own conference.
_______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops

Strongly seconding ZipDX. They're high-quality in every respect. Top-notch customer support, as well as excellent service from a technical standpoint. My favorite features are high-def audio (g.722, last I checked) and dialing each participant when the meeting is scheduled to start. Saves a bunch of otherwise-wasted time.
Graham Freeman, Principal Nerd
NerdVentures.com <https://nerdventures.com/> +1-510-898-6772 graham at nerdventures.com https://www.linkedin.com/in/grahamfreeman Twitter: @get_nerdy <https://twitter.com/get_nerdy>
On 2 June 2016 at 12:01, Garrett Smith <garrett at pitchpivot.com> wrote:
> Hi Carlos,
> Check out ZipDX - they have a patented identity based conferencing that eliminates the need for pins by calling out to the meeting attendees. The system is used primarily for sensitive calls - investors, market research, executives and was developed to stop the inconveniences of pins and unsecured conference calls.
> Can be customized to needs and they've also got a partner program.
> You can learn more here: www.ZipDX.info or I'd be happy to put you in touch with someone there.
> Garrett
> *Garrett Smith* Founder
> *Pitch + Pivot, LLC* Website: PitchPivot.com Email: garrett at pitchpivot.com Office: 716-322-3101 Cell: 716-903-9495 LinkedIn: /in/garrettsmith <http://www.linkedin.com/in/garrettsmith> Twitter: @garrettsmith <http://www.twitter.com/garrettsmith>

We have outbound conferencing also, they don't want that. They already do have HD conferencing and some web control of conferences. This is purely about their standard inbound conferencing not having a PIN. Alex's suggestion about ANI made me think of a compromise where their internal callers (80% of callers) would have no PIN. This still exposes their board conversation to random peons in the company, but at least it doesn't affect our side of it and stops the random outside users.
There would be no exorbitant billing opportunity here, since they are locked to 100 channels and pay a flat usage fee for them.
On Thu, Jun 2, 2016 at 12:01 PM, Garrett Smith <garrett at pitchpivot.com> wrote:
> Hi Carlos,
> Check out ZipDX - they have a patented identity based conferencing that eliminates the need for pins by calling out to the meeting attendees. The system is used primarily for sensitive calls - investors, market research, executives and was developed to stop the inconveniences of pins and unsecured conference calls.
> Can be customized to needs and they've also got a partner program.
> You can learn more here: www.ZipDX.info or I'd be happy to put you in touch with someone there.
> Garrett
> *Garrett Smith* Founder
> *Pitch + Pivot, LLC* Website: PitchPivot.com Email: garrett at pitchpivot.com Office: 716-322-3101 Cell: 716-903-9495 LinkedIn: /in/garrettsmith <http://www.linkedin.com/in/garrettsmith> Twitter: @garrettsmith <http://www.twitter.com/garrettsmith>

On 06/02/2016 03:13 PM, Carlos Alvarez wrote:
> There would be no exorbitant billing opportunity here, since they are locked to 100 channels and pay a flat usage fee for them.
Well, in that case, all the risk is on you, and you're effectively being asked to bear it.
-- Alex Balashov | Principal | Evariste Systems LLC 1447 Peachtree Street NE, Suite 700 Atlanta, GA 30309 United States
Tel: +1-800-250-5920 (toll-free) / +1-678-954-0671 (direct) Web: http://www.evaristesys.com/, http://www.csrpswitch.com/

Sort of. If they use all channels and the customer can't make/get calls, they'd change their minds quickly...
On Thu, Jun 2, 2016 at 12:15 PM, Alex Balashov <abalashov at evaristesys.com> wrote:
> On 06/02/2016 03:13 PM, Carlos Alvarez wrote:
> > There would be no exorbitant billing opportunity here, since they are locked to 100 channels and pay a flat usage fee for them.
> Well, in that case, all the risk is on you, and you're effectively being asked to bear it.
> -- Alex Balashov | Principal | Evariste Systems LLC 1447 Peachtree Street NE, Suite 700 Atlanta, GA 30309 United States
> Tel: +1-800-250-5920 (toll-free) / +1-678-954-0671 (direct) Web: http://www.evaristesys.com/, http://www.csrpswitch.com/

You can fake ANI ... of course they'd have to guess / know the number... which would lean towards inside job.
Just make sure they sign off on usage charges and any spying liability.
Or email them every time someone goes into the conference bridge, live monitoring, so they will be alerted if someone that shouldn't be in there is.
Or email them a recording of the call after each time it's used, so they know who was in there.
Aryn H. K. Nakaoka
anakaoka at trinet-hi.com
Direct: 808.356.2901 Fax: 808.356.2919
Tri-net Solutions 733 Bishop St. #1170 Honolulu, HI 96813
http://www.trinet-hi.com https://twitter.com/AlohaTone
Aloha Tone PBX <https://www.youtube.com/watch?v=96YWPY9wCeU> https://www.youtube.com/watch?v=96YWPY9wCeU <http://youtu.be/27v2wbnFIDs>
Aloha Tone (HA) High Availability <http://youtu.be/rJsr4k0RBH8> http://youtu.be/rJsr4k0RBH8
CONFIDENTIALITY NOTICE: The information contained in this email and any attachments may be privileged, confidential and protected from disclosure. Any disclosure, distribution or copying of this email or any attachments by persons or entities other than the intended recipient is prohibited. If you have received this email in error, please notify the sender immediately by replying to the message and deleting this email and any attachments from your system. Thank you for your cooperation.
On Thu, Jun 2, 2016 at 9:13 AM, Carlos Alvarez <caalvarez at gmail.com> wrote:
> We have outbound conferencing also, they don't want that. They already do have HD conferencing and some web control of conferences. This is purely about their standard inbound conferencing not having a PIN. Alex's suggestion about ANI made me think of a compromise where their internal callers (80% of callers) would have no PIN. This still exposes their board conversation to random peons in the company, but at least it doesn't affect our side of it and stops the random outside users.
> There would be no exorbitant billing opportunity here, since they are locked to 100 channels and pay a flat usage fee for them.

Would you be OK with 100 channels incoming used 24/7? Do you have a soft cap? If not, how much do you charge per channel ;)
Aryn H. K. Nakaoka
anakaoka at trinet-hi.com
Direct: 808.356.2901 Fax: 808.356.2919
Tri-net Solutions 733 Bishop St. #1170 Honolulu, HI 96813
http://www.trinet-hi.com https://twitter.com/AlohaTone
Aloha Tone PBX <https://www.youtube.com/watch?v=96YWPY9wCeU> https://www.youtube.com/watch?v=96YWPY9wCeU <http://youtu.be/27v2wbnFIDs>
Aloha Tone (HA) High Availability <http://youtu.be/rJsr4k0RBH8> http://youtu.be/rJsr4k0RBH8
On Thu, Jun 2, 2016 at 9:13 AM, Carlos Alvarez <caalvarez at gmail.com> wrote:
> We have outbound conferencing also, they don't want that. They already do have HD conferencing and some web control of conferences. This is purely about their standard inbound conferencing not having a PIN. Alex's suggestion about ANI made me think of a compromise where their internal callers (80% of callers) would have no PIN. This still exposes their board conversation to random peons in the company, but at least it doesn't affect our side of it and stops the random outside users.
> There would be no exorbitant billing opportunity here, since they are locked to 100 channels and pay a flat usage fee for them.

Force them to sign a legally binding document that says all the bad things that could happen when you remove the PIN and that they accept full liability for any and all charges, hold you harmless, and make them sign it.
Then frame it on your wall, and the day they get a $15,000 bill when what you told them would happen happens, smile smugly and send them a copy of the letter they signed with their exorbitant bill and say "I told you so."
Beckman
PS -- Throw in a nanny-nanny-boo-boo too.
On Thu, 2 Jun 2016, Carlos Alvarez wrote:
> We have a customer who has been nagging us to remove the PIN from their conference lines. They are getting more insistent. We've said no, for the obvious security reasons, and explained them all clearly. On top of it, this is a medical-related company having sensitive conversations on conferences. They keep pushing us. What would you do? On the one hand I think we have no liability in the matter, but on the other, we're more of a consulting ITSP than just a generic service provider. We specialize in helping people not do stupid things with their phone system. There's also the matter of just eating up a bunch of channels by people using it as their own conference.
--------------------------------------------------------------------------- Peter Beckman Internet Guy beckman at angryox.com http://www.angryox.com/ ---------------------------------------------------------------------------

On Thu, 02 Jun 2016, Carlos Alvarez wrote:
> We have a customer who has been nagging us to remove the PIN from their conference lines. They are getting more insistent. We've said no, for the obvious security reasons, and explained them all clearly. On top of it, this is a medical-related company having sensitive conversations on conferences. They keep pushing us. What would you do? On the one hand I think we have no liability in the matter, but on the other, we're more of a consulting ITSP than just a generic service provider. We specialize in helping people not do stupid things with their phone system. There's also the matter of just eating up a bunch of channels by people using it as their own conference.
The honest answer would be for you to look over your terms of services agreement. What was it you told them that your organization would be responsible for?
Now to the technical slash security answer: Who manages/maintains the network? This is important for various reasons. If the network is segregated (voice and data), it makes things easier to deal with from the technical perspective. You could implement an ACL that states something to the tune of: "This IP (conf phone) should ONLY talk to the registrar, and no one else" but this would remove any HTTP like functionality.
When you say: "Medical related company" it means little without context. E.g.: "A company that delivers uniforms" has less to worry about than a "A company that delivers EMR data on their conferences." You are just an ITSP, not a standards organization.
The ultimate reality is, while you are an ITSP, they paid for whatever it is they are paying for. This is where you need to bring senior management into the discussion to discuss AUP, TOS and other annoying acronyms that we (techie folks) love to hate.
-- =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM
"Where ignorance is our master, there is no possibility of real peace" - Dalai Lama
0B23 595C F07C 6092 8AEB 074B FC83 7AF5 9D8A 4463 https://pgp.mit.edu/pks/lookup?op=get&search=0xFC837AF59D8A4463

No way. Offer them options, as for example a whitelist of ANIs that are automatically dumped into a conference room, or a "smart conference" application where the conference bridge calls the participants instead of the other way around. They might like that. But no completely wide-open bridge, no way.
-- Alex Balashov | Principal | Evariste Systems LLC 1447 Peachtree Street NE, Suite 700 Atlanta, GA 30309 United States
Tel: +1-800-250-5920 (toll-free) / +1-678-954-0671 (direct) Web: http://www.evaristesys.com/, http://www.csrpswitch.com/
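
The ANI-allowlist compromise discussed in this thread, combined with the join notifications and the 100-channel cap raised in other replies, as an added Python example that is not part of the original thread or of any vendor's product. The `Bridge` class, the `admit` function, the PIN and the phone numbers are constructed for illustration; because ANI can be faked, an allowlist match here only waives the PIN and never suppresses the notification.

```python
import hmac
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Bridge:
    """Hypothetical inbound conference bridge for one customer."""
    pin: str                      # still required for callers off the allowlist
    ani_allowlist: frozenset      # customer's internal numbers, digits only
    max_channels: int = 100       # flat-rate channel cap mentioned in the thread
    active: int = 0
    notifications: list = field(default_factory=list)  # stand-in for e-mail alerts


def normalize_ani(raw: str) -> str:
    """Keep the last 10 digits of the presented number (NANP assumption).

    A withheld or non-numeric ANI normalizes to "" and never matches.
    """
    digits = "".join(ch for ch in raw if ch.isdigit())
    return digits[-10:]


def admit(bridge: Bridge, ani: str, pin_entered: Optional[str] = None) -> str:
    """Return 'admitted', 'pin_required', 'bad_pin' or 'bridge_full'."""
    # Enforce the cap first so an open bridge cannot starve the customer's
    # other calls, whoever is dialing in.
    if bridge.active >= bridge.max_channels:
        bridge.notifications.append(f"REJECT full ani={ani!r}")
        return "bridge_full"

    caller = normalize_ani(ani)
    if caller and caller in bridge.ani_allowlist:
        how = "ani-allowlist"     # PIN waived, but ANI is spoofable: still alert
    elif pin_entered is None:
        return "pin_required"     # prompt the caller; nothing to report yet
    elif hmac.compare_digest(pin_entered.encode(), bridge.pin.encode()):
        how = "pin"
    else:
        bridge.notifications.append(f"REJECT bad-pin ani={ani!r}")
        return "bad_pin"

    bridge.active += 1
    # Every join is reported so the customer can spot an unexpected participant.
    bridge.notifications.append(
        f"JOIN via={how} ani={caller or 'withheld'} "
        f"active={bridge.active}/{bridge.max_channels}"
    )
    return "admitted"
```
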

Carlos
Just mention HIPAA. You might also have some HIPAA compliance issues as well.
On Jun 2, 2016, at 1:54 PM, Carlos Alvarez <caalvarez at gmail.com> wrote:
> We have a customer who has been nagging us to remove the PIN from their conference lines. They are getting more insistent. We've said no, for the obvious security reasons, and explained them all clearly. On top of it, this is a medical-related company having sensitive conversations on conferences. They keep pushing us. What would you do? On the one hand I think we have no liability in the matter, but on the other, we're more of a consulting ITSP than just a generic service provider. We specialize in helping people not do stupid things with their phone system. There's also the matter of just eating up a bunch of channels by people using it as their own conference.

Believe me, I've covered that and several other regulatory matters, they maintain they don't care. The directive I got was from the second from the top, and he claims the CEO is behind him. Right now the stalemate is at "we can have a conference call to discuss it with the CEO, but I won't do it without that." If they call me on it, well then...I'm just not sure.
As to what type of "medical" company, I would like to keep the customer info very anonymous, but I'll say that it's way more than uniforms but not quite discussing a specific patient's ED prescription. There's probably not any specific patient data on a call, or maybe just very rarely.
On Thu, Jun 2, 2016 at 12:27 PM, Anthony Orlando <avorlando at yahoo.com> wrote:
> Carlos
> Just mention HIPAA. You might also have some HIPAA compliance issues as well.

Does it expose you to anything? If not shrug and shut it off. If so, offer it with something that passes the exposure on instead, explaining your costs change.
No need to lecture them on their own laws or protect them from themselves. They need a service provider, not a parent. :)
On 06/02/2016 03:33 PM, Carlos Alvarez wrote:
> Believe me, I've covered that and several other regulatory matters, they maintain they don't care. The directive I got was from the second from the top, and he claims the CEO is behind him. Right now the stalemate is at "we can have a conference call to discuss it with the CEO, but I won't do it without that." If they call me on it, well then...I'm just not sure.
> As to what type of "medical" company, I would like to keep the customer info very anonymous, but I'll say that it's way more than uniforms but not quite discussing a specific patient's ED prescription. There's probably not any specific patient data on a call, or maybe just very rarely.
participants (9)
- abalashov@evaristesys.com
- anakaoka@trinet-hi.com
- avorlando@yahoo.com
- beckman@angryox.com
- caalvarez@gmail.com
- garrett@pitchpivot.com
- graham@nerdventures.com
- joquendo@e-fensive.net
- paul@timmins.net