Facebook recently changed the terms of its Facebook Messenger app, which allows users to make VoIP calls in addition to text chatting through the service. The new terms give Facebook broad access to calls that effectively make communication through the service completely open to the company.
The new terms give Facebook broad access to record audio with the microphone at any time without user confirmation, the right to take videos and photos using the user’s cell phone camera, access to the phone’s call log, the ability to read data about contacts stored on the phone, and the option to discover the communication relationship between the user and his address book contacts.
Basically, Facebook has given warning that its service does not actually offer private communication.
While it is true that business culture and society at large has started to embrace the bargain of getting services for free in exchange for allowing companies to do some tracking for marketing purposes, a change such as that made by Facebook, highlights the strong possibility for such services to compromise corporate security.
Employees who leverage Facebook to communicate with colleagues are not actually communicating on secure channels, and it is possible that Facebook or other firms can intercept or use the data that traverses the network.
This is not a problem limited to over-the-top services such as Facebook, either. This is a general concern with any VoIP service that is not set up for corporate use.
The value of VoIP is almost undisputed at this point, from cost savings to feature set, flexibility and mobility. But VoIP must be secure, at least when it comes to corporate use. Terms such as that now included with Facebook’s service are frankly inappropriate for any business with trade secrets or competition.
It is relatively easy to encrypt VoIP calling and create a secure environment free from third-party interception or privacy concerns. It is not a question of technology. The issue is that for far too many businesses, security threats go unnoticed. The value of encryption and business-grade VoIP is not focused upon enough, just as having a disaster recovery plan seems like a needless exercise until the moment it is needed.
Security breaches can take down companies and cost millions of dollars depending on the breach. Businesses need to ensure that their VoIP calling solution is secure. Period.