It’s been almost nine months since the COVID-19 pandemic began, and most people are still working from home. In many cases, this requires the use of video conferencing technology, like Zoom, Skype, or Microsoft Teams. While some of the security risks associated with these tools have been managed, or at least reduced, since the early days of the pandemic, that doesn’t mean video conferencing is entirely risk-free.
Because hackers are constantly looking for new ways to access your networks and steal valuable information, it’s important to understand the risks that are still present in video conferencing, and take steps to mitigate them.
The Ongoing Risks of Video Conferencing
In the spring of 2020, one of the greatest risks associated with video conferencing was unwanted intruders in meetings. “Zoom bombing,” something that was unheard of prior to 2020, became a common concern, with important business meetings suddenly interrupted by hackers who shared inappropriate materials, or disrupted the sessions with crude or threatening language.
However, the security concerns regarding online video conferences extend well beyond disruptions. Perhaps more concerning is the potential for a hacker to listen in on a meeting undetected, gathering information that would later be used for larger scale attacks. Another concern has been the recordings of meetings falling into the wrong hands. In many cases, users of video conferencing platforms upload recordings of meetings into the cloud, without using the proper security settings. This leaves the recordings vulnerable to public consumption and leaves information open to people who will use it for nefarious purposes.
All of this points to several issues with video conferencing. For starters, although most platforms offer security tools to keep meetings private, many users aren’t trained or experienced in using them, and thus improperly configured settings create openings for hackers. Second, users aren’t always taking necessary precautions to secure meeting details, transcripts, and recordings. Without taking steps to ensure cloud security, and using all available security tools, a valuable tool intended to keep your business moving forward could be the very thing that sets you back.
How to Secure Your Online Meetings
If you use online video conferencing tools, it’s vital that you implement safeguards to protect both your employees and the confidential information that is discussed and shared on the platform, including trade secrets, intellectual property, information governed by specific regulatory compliance standards, and personal information. With some strict rules and policies regarding how video meetings take place, they can be both productive and safe.
Establish Host Best Practices
Whoever is hosting the meeting can set protocols to ensure that only those who belong in the meeting are able to attend. All meeting invitations should include a password (generated using best practices for strong passwords), and hosts should make use of the waiting room feature. This ensures that the meeting doesn’t begin until the host arrives and lets the other participants into the meeting. Meetings should also be named appropriately, so don’t include sensitive information in the meeting title. Should hackers gain access to meeting recordings, they can easily uncover sensitive information if it’s listed in the meeting subject (i.e., “Merger with X Company”).
Only Use Video When Necessary
The beauty of video conferencing is that it allows participants to see each other, and creates a better connection between team members. However, if you don’t actually need video, turn off the camera and use audio only. This keeps hackers from watching the video and gaining information they can use for social engineering from the backgrounds of videos. Another option is to use generic backgrounds for all meetings, blocking out personal details.
Limiting screen sharing is also a smart security policy. If screen sharing is necessary, the host can designate which participants can share, and for how long, to reduce exposure time.
Prevent Call Recording Movement
When a video conference is recorded, it’s typically stored on the host’s device or the cloud. Your security team should have tools in place to ensure that meeting recordings are limited in terms of where they can be moved or shared. If the meeting platform automatically produces audio transcripts, these should be properly encrypted before being stored on the network or in the cloud. That said, only record or transcribe meetings when absolutely necessary.
Ultimately, the burden for security when it comes to video conferencing is on users. By building awareness of risks, monitoring and securing access to the meetings, and keeping the data produced secure, they’ll continue to be a valuable productivity tool.