Since today’s workforce is increasingly mobile, the ability to host or join a video meeting or call from your smartphone or from the personal desktop in your home office is a big plus as work habits continue to evolve alongside technical innovation and the physical constraints of the office are left behind.
And as people are increasingly able to different devices (such as personal devices and tablets) to access different work tools and services, this can raise security concerns, especially in larger enterprises managing large numbers of users. With videoconferencing, sensitive or proprietary information is regularly exchanged and employers need to feel confident that no one else can access information without permission. But what actually are the potential risks of non-secure communication and what steps can IT departments improve securityaround live video calls and conferences as more and more people dial in from anywhere?
Start by understanding the potential risks of unsecured lines
The most basic risk would be an uninvited guest intruding into your call or meeting. They could, in theory, share any information obtained with the public or, worse, with your competitors. They could access audio and camera feeds, as well as shared content via live screen-sharing. Subtler attempts to access informations might include unauthorized recording, re-transmitting or re-streaming everything to other unauthorized people, as well leaking data obtained during a call.
Thankfully these kind of malicious breach is very rare since it is pretty difficult to achieve during a live call using a professional videoconferencing service. Your service provider should protect against these kind of events with fully encrypted calls and media, whilst end-user can add their own additional layer of security by adding personal PIN codes.
However, security breaches don’t have to be deliberate; user error by an employee or third-party guest could create vulnerabilities that would give theoretical access to an uninvited user. As with other forms of data theft and security breaches, low-tech methods are more common than high-tech methods performed by export pros.
Systems not updated, or incorrectly configurd, users employing basic passwords (“123456”) or writing them down, or storing them on an unsecured computer someone forgot to shut down are far more likely in most organizations than a sophisticated high-tech hacking event. Of course, these are all potential security risks but they’re all very easily avoided as long as people are aware of their responsibilities and maintain some simple habits.
Tips for securing your video calls:
- Setting up and maintaining your system for safe calling
- If possible have all company hardware used on the service registered behind your corporate firewall rather than having videoconferencing equipment on public IP addresses
- Ensure that your system setup is configured to require encryption for all calls
- Keep all software versions up to date, including firmware versions for your devices
- Disable auto-answer on company devices. If there is no-one there to answer this prevents anything sensitive in the room being visible to the caller, for example, new designs, formulas, etc. written on that whiteboard strategically placed in front of the camera
- Close camera shutters and mute the system when not in use
- Choose a service that supports SSO (“Single sign-on”)
- This allows users to sign in with their authorized enterprise credentials (username and password)
- Users can create one very strong password to remember
- This helps with user management easier: password resets can be done for all platforms in one step, whilst users can be removed from multiple places in one step by disabling their enterprise login
- Make sure users to have some form of security application installed on any system or device they plan to use
- Keep people informed
- Remind your end-users of the need to regularly update their devices and applications
- Send out reminders and notifications for major updates and system upgrades
- Set a security policy for all company users
- All users must read and sign before use
- Passwords cannot be written down
- Passwords should not be stored on any unsecured device
- Users are required to change passwords once a year or whenever there’s been a suspected security breach (stolen/lost device etc)
- Provide training on basic security for video meetings. You could include topics such as:
- Activating and using your personal PIN code
- “Locking” your meeting room (preventing any others accessing the call once all invited guest have entered the meeting room)
- Cameras/equipment performing operations without instruction (unauthorized remote access)
- Sudden jumps in bandwidth consumption