The risks inherent in video conferencing were highlighted recently when security researcher Jonathan Leitschuh unveiled a vulnerability in the popular video conferencing software Zoom. This flaw put the information of nearly 750,000 companies at risk. While most security flaws in conferencing software aren’t quite so dramatic, this case shows us that any company–even one as lauded as Zoom–can make a mistake. And as new vulnerabilities are discovered and fixed, cybercriminals are always searching out more–and they aren’t always difficult to find, either.
Human error is the biggest cause of data breaches on an industry-wide basis. This makes sense, as most cybercriminals aren’t sophisticated hackers with years of training. They’re people who focus on easy targets. Because video conferencing is more complex than most of the technology workers use regularly, it is even harder to ensure that those using your network know how to stay safe. However, by adhering to some basic video conferencing security best practices, you can protect the integrity of your meetings and the privacy of your business.
Four Video Conferencing Security Best Practices to Implement
Your video conferencing platform provider is ultimately the one most responsible for the security of your video calls. However, there are still some video conferencing security best practices you can implement to reduce risks due to human error. Here are four to consider:
#1: Enable automatic updates
Updates are what resolve known issues; not updating software leaves devices vulnerable to breach. In the case of Zoom’s video conferencing vulnerability, the company rolled out an update to resolve the issue shortly after Leitschuh found and wrote about the flaw. However, the update wasn’t widely reported–probably because Zoom didn’t want to broadcast a known security weakness to individuals who would exploit it.
Unless users knew of the issue and then learned of the update, they might not have known they needed to install the newer version to improve their security. Enabling automatic updates solves this problem, allowing users to be notified of an update the next time they open the app. Ensure that your employees get in the habit of installing updates as soon as they become available, so they don’t forget.
#2: Use encrypted video streams
Encryption ensures that even if someone does manage to access your stream, the information they find will be useless. In end-to-end encryption, the communication is scrambled with a key that only authorized users hold. This all happens behind the scenes, so the end user doesn’t have to sacrifice quality and convenience for security. Various types of next-generation security are also in the works, such as blockchain-based video calling and even “unhackable” quantum video conferencing.
For now, though, end-to-end encryption is the industry standard, and regular updates are critical to maintaining it (new encryption protocols are rolled out when hackers discover ways to exploit old ones). This is yet another good reason to enable automatic updates and install them as soon as you’re notified that one is available.
#3: Establish BYOD and network use policies for employees
When a Bring Your Own Device policy is in place, it’s still critical to maintain some control over the devices you allow on your business’s network. For example, many people use their smartphones for video conferencing on the go, but relatively few actually password-protect those smartphones–only about 48% according to one recent study. In addition, modified devices that have been rooted (Android) or jailbroken (iOS) also present a threat and shouldn’t be used to access video conferencing software.
Employees should be aware that where they join video calls from is just as important as what device they’re using. About 81 percent of Americans polled said they are willing to use unsecured public wifi, and only one percent said they use a VPN while on public wifi. While encryption can help protect your feed if public wifi is being used, it’s still a good policy to discourage the use of unsecured networks. To protect the integrity of sensitive data, have policies in place regarding what devices employees can use while video conferencing as well as where they are allowed to connect.
#4: Enable two-factor authentication (2FA)
Two-factor authentication adds another layer of security that shores up passwords, which are often ineffective on their own. That extra layer may include location tracking, which triggers a heightened security check when a user signs in from an unexpected location. For instance, if a user typically signs on from Los Angeles and their credentials are now being used in Bangladesh, they will be prompted to enter a PIN or the answer to a security question.
This is just one example of virtually thousands of options in 2FA. Two-factor security is continually evolving, and biometric security features like webcam facial recognition, fingerprint access, and even retinal scanning may soon become commonplace. Having multiple layers of security in place is an important video conferencing security best practice, as it prevents unauthorized access even if one security measure fails.
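The location-triggered check described under #4, sketched as an added example (not code from any video conferencing vendor). It generalizes the Los Angeles/Bangladesh case to any coordinates and adds an implausible-travel-speed test; the `SignIn` record, the `decide` function and both thresholds are assumptions made for illustration, and the sign-in data is constructed.

```python
import math
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class SignIn:            # hypothetical record of one successful sign-in
    when: datetime
    lat: float
    lon: float

# Assumed policy thresholds; tune them to your own user base.
USUAL_RADIUS_KM = 100.0  # this close to a past sign-in counts as a usual place
MAX_SPEED_KMH = 900.0    # faster than an airliner means implausible travel

def km_between(a, b):
    """Great-circle (haversine) distance between two sign-ins, in km."""
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dp, dl = p2 - p1, math.radians(b.lon - a.lon)
    h = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def decide(history, attempt):
    """Return (decision, reason); 'step_up' means ask for the second factor."""
    if not history:
        return ("step_up", "no_history")          # no baseline yet
    last = max(history, key=lambda s: s.when)
    hours = (attempt.when - last.when).total_seconds() / 3600
    far = km_between(last, attempt)
    # Out-of-order events (hours < 0) skip the speed test.
    if hours >= 0 and far > USUAL_RADIUS_KM and far > MAX_SPEED_KMH * hours:
        return ("step_up", "impossible_travel")
    if min(km_between(s, attempt) for s in history) <= USUAL_RADIUS_KM:
        return ("allow", "known_location")
    return ("step_up", "new_location")

# Constructed sample data: a user who normally signs in from Los Angeles.
T0 = datetime(2024, 1, 8, 9, 0)
HISTORY = [SignIn(T0 - timedelta(hours=h), 34.05, -118.24) for h in (2, 26, 50)]
SANTA_MONICA = SignIn(T0, 34.02, -118.49)                       # nearby, same day
DHAKA_SAME_DAY = SignIn(T0, 23.81, 90.41)                       # 2 h after last sign-in
DHAKA_LATER = SignIn(T0 + timedelta(days=3), 23.81, 90.41)      # reachable by then

if __name__ == "__main__":
    for name, s in [("Santa Monica", SANTA_MONICA),
                    ("Dhaka, same day", DHAKA_SAME_DAY),
                    ("Dhaka, 3 days later", DHAKA_LATER)]:
        print(name, decide(HISTORY, s))
```

The reason string is worth logging alongside the decision: an `impossible_travel` prompt that the user then fails is a stronger signal of stolen credentials than a failed `new_location` prompt.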
Reduce the Risk of Human Error Through Training
Employees rarely expose private company data because they want to. Instead, they do it by accident, often because they don’t understand the severity of the risk. Policies may tell them what they’re not supposed to do, but often they don’t tell them why they’re not supposed to do it. Some employees may think video feed privacy isn’t a big deal–until they realize that one breach could allow someone to access their phone’s camera whenever they want, in perpetuity. A better understanding of the risks involved will make employees more likely to take ownership of video conferencing security and to adhere to policies.
Regular employee training in specific video conferencing security best practices is crucial. Stay up-to-date on news regarding your specific video conferencing platform as well, as companies may not widely publicize every time a weak spot in security is found. This ensures you can easily communicate risks and make sure everyone is installing updates and patches as needed. Proactive security won’t protect you against every possible video conferencing security risk, but it will keep you from being an easy target.