There has been significant growth over the past two years in the volume of remote work environments that leverage video conferencing for collaboration. Increasingly, these digital work environments have been scrutinized for their cybersecurity risks. In 2020, incidents of “Zoom-bombing,” were shockingly frequent; the platform has since tightened its security protocols.

However, the damage was done; most companies are now concerned about – or at least aware of – the potential vulnerabilities of their video conferencing solution. Corporate IT teams are very aware that the laptops, tablets, and phones their employees use to access video conferencing may themselves be vulnerable to attack, to say nothing of networks and endpoints in their end-user’s homes.

Video conferencing can open the door to individual privacy threats, such as the theft of personally identifiable information (PII). Confidential business information is also at risk every time your teams dial into a video conference. How can companies shore up their approach to cybersecurity in these vulnerable areas?

Why Worry About Secure Video Conferencing?

Since the pandemic began, highly visible attacks on some of the most public video conferencing solutions were not uncommon to see on the nightly newsfeed.

The most common types of video conferencing attacks include:

·         Bombing your meeting. This happens when an uninvited participant joins your video conference. Their goal could be just to disrupt your meeting or to steal corporate secrets by listening in.

·         Malicious chat links. Once your uninvited guest arrives at the video conference, they may drop a malware link into chat. This could be a ploy to shut down operations or steal data.

·         Meeting link theft. The goal of the video conferencing trespasser may be to try to re-use the video conferencing link later on for free.

·         Host takeover. At the end of a large meeting, if the host leaves early, the goal could be to take over the meeting and become the leader.

In a recent study, Deloitte discusses the impact of COVID-19 on video conferencing security, stating, “Between February 2020 and May 2020, more than half a million people were affected by breaches in which the personal data of video conferencing service users (e.g., name, password, email addresses) were stolen and sold on the dark web.”

Once the employee’s credentials are stolen, cybercriminals can use a technique called “credential stuffing” to infiltrate the employee’s corporate accounts. This is possible because many of us re-use the same password on multiple accounts.

Secure video conferencing is the responsibility of the software provider, the company leveraging these tools, and the employee that’s using them. It’s only by working together that we can defeat cyber security criminals. You can have the most securely encrypted video conferencing solution in the world and still have a security breach if your employee doesn’t follow the rules for safer computing. How can individuals and companies create the most secure video conferencing experience?

Encryption and other security measures are key to the most secure video conferencing platforms.
Encryption and other security measures are key to the most secure video conferencing platforms.

How Can You Create the Most Secure Video Conferencing?

Proactively following safety protocols and guidelines is an important step toward shoring up any secure video conferencing vulnerabilities. Companies must work hand-in-hand with their remote and on-site workforce to both assess the practices they’re using during video conferencing calls and mitigate those risks. Companies should also plan for the worst and have contingency plans in place should an unthinkable cyber breach occur.

Individual users of video conferencing solutions can have as much responsibility as corporations do to create strong cybersecurity best practices. This isn’t because individual users have the power or resources that large corporations do, but because many leaks are due to mistakes by an individual and, to be frank, there’s only so much a corporation can do to prevent user error. This should include:

·         Personal computers should have up-to-date antivirus and malware protection. This will help with lower-level attacks.

·         Staying aware of cybersecurity threats to cloud storage or email. For example, many phishing scams look like real email notifications.

·         Checking the home network password to ensure it is strong.

·         Setting up a virtual private network (VPN) as an added layer of protection.

·         Scrutinizing the end-to-end digital process to look for weaknesses.

·         Regularly evaluate your risks, both during video conferencing, and afterward.

·         Set up two-factor authentication whenever it’s available.

Security magazine recommends some general best practices that companies should teach and enforce with their employees. To create a secure video conferencing environment on every call, participants and the host should enforce:

·         Unique meeting IDs and unique invitation links for online events.

·         Use a waiting room before every event. Assign someone the responsibility for a roll call before starting the meeting. The goal is to confirm the participants and eliminate any unwanted guests.

·         Limit the sharing of any confidential documents over a public screen share during the meeting.

·         Restrict who can screen share. Typically, in a large meeting, this should be restricted to the speakers and host, for example.

·         Also, restrict the ability to share meeting invitations. Teach your employees to never post a meeting link in a public forum, such as social media.

Secure video conferencing starts with a solutions provider that takes cybersecurity threats seriously. What should you look for in a secure video conferencing solution?

What to Look for in the Most Secure Video Conferencing Provider?

Your video conferencing provider should be transparent about the security protocols they have in place. The highest security standards suggest using technology such as transport layer security (TLS 1.3) and end-to-end encryption, as well as offering strong ciphers and bit key depths. Your provider should also allow you some latitude to control the level of your encryption and security for your meetings.

Web-based video conferencing solutions are most effective at upgrading their software to counteract the latest threat. In the cloud, video conferencing solutions providers can run constant seamless updates to their software so that every video conference is secure with up-to-the-minute upgrades. Does your video conferencing solution:

·         Apply the latest tools and technology to their software? For example, new tools allow for host checking, which authorizes endpoints before allowing online access to a meeting or event.

·         Apply intelligence to identify indicators of attacks (IOCs) and respond appropriately?

·         Manage risk by preparing for attacks? Running cyber-attack simulations helps companies prepare for the worst-case scenarios that could occur.

·         Apply a zero-trust approach to cybersecurity protocols? This means your video solutions provider should constantly evaluate their default settings for vulnerabilities, allowing only authorized, authenticated end-users to access their software.

We live in an increasingly dangerous digital environment, where cyber terrorists and bad actors pose a danger to the very tools that we use to make business happen. Fortunately, companies like MegaMeeting are standing by to help your teams stay a little safer. Contact us to talk about our cutting-edge solutions and the steps we take every day to create the most secure video conferencing protocols available to our customers.

MegaMeeting solves the biggest challenges of modern video conferencing. For users, it is an all-in-one platform that delivers both video conferencing and webinars in a single, simplified interface. For attendees, it is 100% browser-based, making it highly accessible; joining a meeting is instantaneous from a single click. For enterprises, it is highly customizable, with white-labeling options for a private branded solution. For developers, it is API-driven and easy to integrate.

Powered by WebRTC, Node.js, React, and GraphQL, it is a cutting-edge platform that is fun and easy to use for users and developers alike.