Video conferencing security best practices have come under increasing scrutiny as more of us have been working from home. Our reliance on these tools left many IT teams scrambling to quickly select a virtual meeting provider without having the time to really ask the question: What is the safest video conferencing app?
As the Covid-19 virus continues to plow an ugly path around the globe, it’s long past time for tech teams to look closely at video conferencing security features and best practices. This blog will help you understand some of the video conferencing security best practices your vendor and your company should set as the standard for virtual collaboration.
Top Five Video Conferencing Security Best Practices
Remember Zoombombing? If you were a victim, how could you forget it? Startlingly, we should note that Zoom advertised itself as having “end-to-end encryption,” long thought to be the gold standard for video conferencing security best practices. Today, Zoom faces some lawsuits over its encryption claims.
The lesson for the rest of us is that not all encryption is the same. To ensure the security of your video conference transmissions, it’s critical for organizations to conduct due diligence about what to look for in video conferencing security. Here are five video conferencing security best practices your online meetings provider must be sure to provide:
1. Encryption should be included in every level of the product. This is a little trickier if you’re using a vendor that requires a software download for their application. Look for 128-bit Advanced Encryption Standard (AES) protocols that provide a key to unlock all video calls between end-users. These keys generate automatically at the beginning of a video session. How strong is AES? The research says it would take a supercomputer “one billion billion” years to break the code. That makes it a top choice for encrypted video conferencing best practices.
2. Single sign-on (SSO) is an authentication process requiring the end-user (and vendor) to keep track of one login per individual customer. This is beneficial because it makes it easy for an IT team to track “who was where and when” while they were using that login. Ideally, SSO should be tied to the end-user’s entitlement profile, which the video conferencing vendor should allow you to manage. The biggest benefit of SSO is its trackability; IT teams can figure out which video systems were breached and how, which makes the problem easier to mitigate.
3. Browser-based video conferencing offers a unique alternative to forcing end-users to download software to their favorite digital device, which carries inherent risks. The problem with any download from the internet is obvious, but it presents an additional challenge when it comes time to upgrade the platform. This leaves the end-user, i.e., someone in your company, vulnerable to missing critical security upgrades. Now imagine that same end-user leveraging that same digital device to access your internal databases and you can understand why web-based video conference solutions are inherently better.
4. Domain-based security means that your administrator can control permissions access individually or by the group. The benefit is that if an outsider without the proper permissions tries to enter a conference, the required permissions block that end-user until one with the appropriate permissions allows access. It’s a greater level of control that puts security in your hands, which is exactly why we consider it a video conferencing security best practice.
5. Setting video conferencing security protocols for your company is a best practice that you can also control. We’ve found that encrypted video conferencing features, or any other security protocols from the vendor, mean nothing if you don’t take responsibility at the end-user level. A video conference security protocol sets expectations that your end-users will take IT security seriously by following rules to keep your infrastructures, identities, and passwords safe. Some guidelines to consider include:
a. Every participant must agree to allow video recording during a meeting.
b. Personal mobile devices should not be used to record meetings.
c. Sensitive information should only be shared in private video conferences.
d. Personal information or other confidential data should not be visible on-camera behind the conference participant.
e. Microphones and cameras should be turned off when not needed in the online meeting.
f. Camera remote control is only allowed for authorized end-users.
g. Use the waiting room feature to restrict unauthorized access to private meetings and lock the event once everyone is inside.
h. Make sure meeting moderators know how to manually admit and remove attendees and do not disseminate invitation links publicly.
i. Do not use public hotspots to access private corporate meetings.
MegaMeeting for Secure, Encrypted Video Conferencing
As a browser-based application, MegaMeeting lacks the security risks associated with downloading software from the internet. Our backbone is WebRTC, which has encryption protocols in all components, including at the signaling level. We use Datagram Transport Layer Security (DTLS) as our encryption model, which is designed to prevent eavesdropping, message forgery, and other tampering. Additional encryption protocols are handled by the Secure Real-time Transport Protocol (SRTP), which adds an extra layer of protection for any real-time video and audio transmission. With these two layers of encryption, you can be sure your transmissions and the data you’re sharing fall under the protection of the highest levels of IT security.
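The DTLS and SRTP layering described above is visible in the session description (SDP) that WebRTC endpoints exchange during signaling, so it can be checked. The following is an added example, not MegaMeeting's code; the helper name auditSdp and both SDP samples are constructed for illustration.

```javascript
// Added example: audit an SDP blob for DTLS-SRTP on every media section.
// auditSdp is a hypothetical helper; both SDP samples are constructed.
function auditSdp(sdp) {
  const session = { attrs: [] };
  const media = [];
  let current = session;
  for (const line of sdp.split(/\r?\n/)) {
    if (line.startsWith('m=')) {
      // m=<kind> <port> <transport profile> <payload formats...>
      const [kind, port, proto] = line.slice(2).split(' ');
      current = { kind, port: Number(port), proto, attrs: [] };
      media.push(current);
    } else if (line.startsWith('a=')) {
      current.attrs.push(line.slice(2)); // session-level until first m= line
    }
  }
  const has = (sec, prefix) => sec.attrs.some(a => a.startsWith(prefix));
  const findings = [];
  for (const m of media) {
    if (m.port === 0) continue; // rejected section carries no media
    const dtlsSrtp = /^(UDP\/TLS|TCP\/DTLS)\/RTP\/SAVPF?$/.test(m.proto);
    const dataChannel = /^((UDP|TCP)\/)?DTLS\/SCTP$/.test(m.proto);
    if (!dtlsSrtp && !dataChannel) findings.push(`${m.kind}: transport ${m.proto} is not DTLS-protected`);
    // SDES puts the SRTP master key in the signaling channel itself.
    if (has(m, 'crypto:')) findings.push(`${m.kind}: SRTP key carried in signaling (a=crypto)`);
    // A media-level fingerprint overrides the session-level one.
    const fp = [...m.attrs, ...session.attrs].find(a => a.startsWith('fingerprint:'));
    if (!fp) findings.push(`${m.kind}: no DTLS certificate fingerprint`);
    else if (/^fingerprint:(md5|sha-1)\s/i.test(fp)) findings.push(`${m.kind}: weak fingerprint hash`);
    if (!has(m, 'setup:') && !has(session, 'setup:')) findings.push(`${m.kind}: no DTLS role (a=setup)`);
  }
  return findings;
}

const GOOD_OFFER = [ // constructed; fingerprint value shortened
  'v=0', 'o=- 1 1 IN IP4 127.0.0.1', 's=-', 't=0 0',
  'a=fingerprint:sha-256 AA:BB:CC:DD', 'a=setup:actpass',
  'm=audio 9 UDP/TLS/RTP/SAVPF 111', 'a=rtpmap:111 opus/48000/2',
  'm=video 9 UDP/TLS/RTP/SAVPF 96', 'a=rtpmap:96 VP8/90000',
].join('\r\n');

const BAD_OFFER = [ // constructed: SDES-keyed audio, unencrypted video
  'v=0', 'o=- 2 1 IN IP4 127.0.0.1', 's=-', 't=0 0',
  'm=audio 49170 RTP/SAVP 0', 'a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:PLACEHOLDER',
  'm=video 49172 RTP/AVP 96', 'a=rtpmap:96 VP8/90000',
].join('\r\n');

console.log(auditSdp(GOOD_OFFER), auditSdp(BAD_OFFER));
```

An empty result means every active media section negotiates its SRTP keys through a DTLS handshake bound to a certificate fingerprint; the fingerprint is only as trustworthy as the signaling channel that delivered it.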
Encryption isn’t the only video conferencing security best practice that we employ. All of our accounts are accessed via a secure HTTPS connection over WebSocket secure signaling channels for both data and voice. We even add a layer of protection for user credentials, storing your login data as impenetrable cryptographic hashes.
Because MegaMeeting is web-based, access to an individual user’s microphone and camera devices is restricted by their web browser. Current protocols include requiring explicit permission from the end-user before these devices are accessed by the video conferencing solution. This gives you control over these critical tools. All meetings have an additional security layer with a unique access key controlled by participants, which can prevent unauthorized access to any meeting they’re conducting.
Finally, as you might expect, we are fully HIPAA compliant. We only leverage HIPAA-compliant vendors (when applicable) for hosting, data transmission, and storage.
Our clients commonly come to us with a critical question: What is the safest video conferencing app that I can employ for my business? The answer is MegaMeeting, a leading provider of video conferencing solutions to the business community. Contact us to find out more.
MegaMeeting solves the biggest challenges of modern video conferencing. For users, it is an all-in-one platform that delivers both video conferencing and webinars in a single, simplified interface. For attendees, it is 100% browser-based, making it highly accessible; joining a meeting is instantaneous from a single click. For enterprises, it is highly customizable, with white-labeling options for a private branded solution. For developers, it is API-driven and easy to integrate.
Powered by WebRTC, Node.js, React, and GraphQL, it is a cutting-edge platform that is fun and easy to use for users and developers alike.