How To Secure Your Video Conference
President/CEO of Centex Technologies, an IT consulting company with offices in Central Texas, Dallas, Austin and Atlanta.
Covid precautions have led most businesses to shift to work environments that follow social-distancing guidelines. Virtual meetings have replaced many of the required daily meetings in organizations, and they are predominately taking place through video conferencing, chat rooms or conference calls. I wanted to briefly discuss 13 security precautions that organizations should take to protect themselves in these new — and common — scenarios.
Anyone taking part in a video conferencing session should remove unnecessary items from the camera’s view. These unnecessary items may reveal valuable or private information. You should make an effort to set your camera in such a way that nothing other than your face and upper body are in the camera’s view. Most video conferencing software has the option to turn off your video camera or wash out the background surrounding you.
Video conferencing sessions should be scheduled to help avoid interruption. Someone entering the scene can impede the progress of your meeting, or the person could start discussing confidential information that could affect your business. You should also try to avoid leaving your video conference software unattended; you will then be the cause of the interruption.
Access to tele-conferencing sessions must be controlled so that only legitimate users can join the session. The software you use must offer domain-based security. This will ensure that intended participants join through permission/login/invitation only. This will help prevent unauthorized access to confidential information.
Meetings should be password-protected, and the passwords should not be shared by embedding them in a meeting link. Meetings should also be set for a specific time with inactivity timeouts set in place — to avoid the video call being left open.
For more classified sessions, I recommended you utilize two-factor authentication when allowing participants to join the meeting. This not only helps secure your meeting from unauthorized access, but it also reassures your attendees that you are taking the proper precautions required for a classified meeting.
For meetings with a large number of participants, the concept of a waiting room should be implemented. Already verified participants can function as verifiers for newly joining participants. I often see outside organizations allow attendees to join a meeting with no visual or audio verification. Whoever is hosting the meeting should also have a list of the attendees readily available.
Encrypting Data Transmission
One prime vulnerability in video conferencing sessions pertains to the transmission of data, which must travel through public destinations. End-to-end encryption from the source to the destination is the answer. The software being used for conferencing must include an encryption option.
Restricting File Transfers
File transfers can either be blocked altogether or limited to some specific types. The transfer of .exe files must especially be blocked.
Using A VPN
In a remote-work scenario, some participants will be joining the session through a public, untrusted network. Therefore, the use of a virtual private network (VPN) is strongly recommended to avoid man-in-the-middle attacks.
Screen sharing should only be permitted for administrators or predetermined attendees. While screen sharing, you should be cautious of unnecessary items on the screen, as they may reveal sensitive information to attendees. Preferably, only a particular application’s window should be shared, instead of complete desktop screen.
One should be wary of the freeware applications for video conferencing. There is a possibility that the app is collecting data as part of its policy.
Be sure to thoroughly read the security guidelines for your video conferencing software. Some business may require a more secure video conferencing option than others.
Terminating The Session
You must properly terminate a video conferencing session and log out when the meeting is complete. Don’t make the mistake of assuming the meeting is over, exiting the meeting and closing the video conferencing application to ensure the session is terminated.
How Important Is This?
Is this really necessary? Yes! Your business should take securing its virtual meetings seriously. Failing to follow these simple precautions could cost you a contract, clients or even your business. Dont just ask your employees to follow the recommendations; add these security measures to your current cybersecurity policy.