Video conference security

Collaboration, Digital Workplace, MS Teams

14 Tips to Improve Video Conference Security

Video conference security has come to prominence in recent times as working from home becomes the new normal. Video conference service providers like Zoom, Google Hangouts, Microsoft Teams, and Cisco Webex are just some examples of popular options. But they are not infallible tools. Recently the FBI warned of “meeting-bombers” gaining unauthorized access to video conference meetings through both Zoom and Cisco Webex.

There are many reasons to try to improve video conferencing security. Changing existing systems outright is sometimes harder to achieve. Businesses tend to stick to familiar tools. But there are ways to make the process safer.

Threats to video conference security

Besides meeting-bombing, threat actors can also insert malicious links into chats. Sometimes they can steal meeting links for continued attacks. This gives them multiple opportunities to plant Malware. Another form of attack is a Zero Day Attack. This is when cyber-criminals attack a known vulnerability in a software until it is fixed. The best ways to enhance your video conference security areas are the following:

If you are not the meeting organizer, make sure that the invite link comes from a trusted sender that you know. Be extra vigilant for malicious file extensions such as .exe. Do not click on a link that looks suspicious.

#2 Use the waiting room

If meeting participants enter the room before the organizer, it is common for them to start discussing items on the agenda. This can be disruptive as the organizer will need to do a roll call. A waiting room is a separate virtual room outside the actual meeting which allows the host to admit only approved entrants. You can choose to eject unwanted people from the meeting at this stage.

#3 Don’t reuse the same meeting ID

Keeping the same meeting ID is convenient for sharing and storing. However it is also easier for meeting-bombers to come back into a meeting. This endangers video conference security. It is for this reason that many video conference services now auto-generate new meeting IDs.

#4 Insert a meeting password

It’s important to go beyond a meeting ID alone and create a unique meeting password. This might be extra hassle, but it is crucial for video conferencing security. This is especially true for sensitive meetings. If your chosen service allows you to create your own password, use best practice and make sure your password strength is high.

#5 Verify attendees

It’s important to check the attendees as often as you can. If the meeting numbers are not too large, you should always confirm the participants during the call. If you find someone on the call who is not supposed to be a part of the meeting, you should remove them. This is particularly important for sensitive meetings.

#6 Lock the meeting once it is full

In the same way you would physically seal the door of a meeting room, you should lock the meeting once all the attendees have arrived. Many services can lock the room once everyone is in. This is good for video conference security and will reduce the chance of zoombombing the meeting. Be aware that because of connectivity issues, a participant can drop out. You need to be sure to unlock the meeting to let them back in and then relock it afterwards.

#7 Enable joining and leaving alerts

If you are the meeting organizer, you should enable a sound alert to tell you when people leave or join the meeting. This might be disruptive if you are in the middle of a discussion, but it is important to know who is on the meeting and who has left.

#8 Remind attendees if the meeting is being recorded

Many tools have the option to record a conversation. Make sure you advise everyone beforehand to get their consent. It is courtesy to say why, whether it be for training purposes or record-keeping. Make a point to remind them midway and at the end.

#9 Use a blurred or virtual background

With more and more employees working remotely, it’s important to be able to blur the background. This is important for video conference security in the home as it stops meeting-bombers being able to socially engineer their targets by having access to personal identifiers. In the work setting there might be confidential information on the walls which also must be blurred.

#10 Treat the chat room with caution

Not all video conferencing tools have the same level of security. Sharing sensitive information or documents in the chat room is not always the best idea. Only if you really are sure of the grade of security offered by your service. Video conferencing tools may not offer the same anti-malware protection as an email program, for example.

#11 Update all the time

Conferencing tools are likely to be installed on more than one device. As a result, this magnifies the potential access points for malicious threats. This can be avoided by updating regularly. Security vulnerabilities are likely to be exploited more effectively on older software versions.

You could be setting yourself up as a target by doing this. Any social media announcement of a meeting allows threat actors time to craft a malicious strategy. Always share meeting information privately.

#13 Video conference security training

A clear security policy allows you to establish boundaries and codes of practice for users. Video conferencing security is enhanced when house rules and training is followed. These could be that users must seek permission to record any part of the meeting. There might be an embargo on using personal devices for any recordings. Other examples are ensuring that cameras face the user directly, or that microphones are turned off when the user is not speaking.

#14 Report suspicious activity

An important part of maintaining video conference security is reporting any suspicious practices to your security team. Many threats can be contained when diligent users alert the right people to red flags.

Conclusion

Video conference services differentiate themselves from rivals by creating user-friendly and easy-to-use interfaces. Users desire simplicity when it comes to technology, especially during stressful times. But there is always a trade-off between security and ease of use. More and more security and privacy settings are embedded into video conference software. As threat actors constantly look for ways to exploit systems, it is good practice for users to play their part by following simple rules to minimize the risk.

Additional reading: FBI warns of Teleconferencing and Online Classroom Hijacking during COVID-19 Pandemic.