Data privacy. A topic on everyone’s minds today and one that affects nearly every industry, from healthcare to government to retail. In 2016, 4,149 data breaches exposed a staggering 4.2 billion - with a b - personal records. A single breach can cost a company millions of dollars, not to mention loss of customer confidence, and the stakes are simply too high to not protect your information.
Realizing this, many countries have put laws in place to help protect sensitive data. For instance, European Union countries must comply with the EU Data Protection Directive (also known as Directive 95/46/EC), those in the United States have the Privacy Act and the Health Insurance Portability and Accountability Act (HIPAA), and Canadians have the federal Personal Information Protection and Electronic Documents Act (PIPEDA), to name a few. The EU’s General Data Protection Regulation (GDPR) is also top of mind for many organizations since it goes into effect in May of 2018.
To comply with these rules and protect themselves against a possible breach, organizations should look at the security of every piece in their technology stack, including communications platforms. Don’t let one of the simplest tools you use, such as videoconferencing, be your weakest link!
When evaluating the security of a videoconferencing service, here are a few questions to ask:
1) Will my data travel across national borders?
For many companies, especially those in Canada and the EU, this is a major concern. When media traffic leaves a country’s borders, it can become subject to other nations’ laws and regulations. Even video calls that originate and end in the same country can be affected through “boomerang routing,” which sends information outside the border and back. This issue of network sovereignty can be mitigated, however, by choosing a service built on a dedicated videoconferencing network, rather than the public internet. Not only does this address privacy concerns by keeping data local, but it also cuts the risk of Denial of Service (DoS) attacks that run over the public IP network. A side benefit is that you can experience better call quality and reliability with a dedicated network.
2) How will a videoconferencing service work with my company’s firewall?
Firewalls play a critical role in a company’s security infrastructure. To get the most value from your firewall and protect your sensitive information, choose a videoconferencing solution with secure firewall traversal built in. Historically, many video systems did not include this feature and so risked hackers breaching the system, taking over, and listening to sensitive conversations. By hosting your system behind your firewall and connecting to a secure cloud service, you can protect your data while still talking with others outside your organization. Encrypted media traffic will cross your network boundary using the trusted connections that are established from inside your network to the outside.
3) How can I be sure no “bad actors” get access to my information?
Look for a solution that monitors network traffic so you can prevent and detect any fraud attempts. Many services can recognize patterns and filter traffic to spot potential security threats before they materialize. These threats, which appear as anomalous activity, can then trigger alarms that notify an on-call team to take action. In addition, look for a provider that uses an Intrusion Detection System (IDS) to secure the servers used to host the cloud service, and that employs encryption to ensure that your incoming and outgoing call data is safe from prying eyes.
4) What about stored data?
When it comes to data storage, standards matter. Regulations like SOC2, SSAE16, and ISO27001 were enacted for a reason, and using a video solution that complies with these rules will help you safeguard your company’s sensitive information. Consider where the data will live, and be sure servers are placed in reputable, third-party data centers where physical access is highly restricted. In addition, look for a storage network that will provide redundancy in case of failure. This way, even if a server goes down, your calls will route to the next-closest server so you can stay online.
5) What else should I consider?
For an added layer of security, ask whether your company’s end-users can create a PIN for meetings they host. This way, all participants will be in a “waiting room” until the host joins the call. Additionally, look for the ability to “lock” a meeting once all participants are present to ensure no lurkers join unannounced.
To learn more about how to secure your video calls, check out this blog post from my colleague Tom. With the right planning, you can prevent unwanted guests from joining your meetings and protect your organization’s sensitive data.