Video conferencing security – demystified

Video conferencing security

Video conferencing security is an increasingly important part of many lives. After all, conferencing is a seriously powerful and seriously useful tool. It’s used by people far and wide, from all walks of life, for all sorts of reasons. From remote teaching to yoga classes, investor pitches to family quiz nights, there’s no limit to the ways video conferences can bridge communication. But no matter how playful, personal or professional the contents of the call, the act of video conferencing – as a seriously powerful tool – must be taken seriously.

Video conferencing security is a priority

Lately, many of us might have been thinking more about security risks when we video conference. That’s partly because we’ve likely been using conferencing software more than ever, in the face of social distancing rules and lockdowns.

But there’s also been much more talk of video conferencing security in the news. In fact, security issues have come to light from some of the biggest names in video conferencing. There’s even been a newfound practice of ‘Zoombombing‘. This is where people join others’ Zoom calls, shout abuse and share heinous materials. There was also the unsettling possibility that people were lurking on video conferences to spy.

In fact, Zoom was banned in US schools, with many businesses following suit.

Thousands of new phishing domains have also been created since lockdown began. These hope to install malware on people’s devices and steal money. Some also simply intrude on video conferences. It was found that Zoom’s “vanity URL” also left users even more exposed to phishing exploits.

Video conferencing security is our responsibility, too

Poor security practice has also been at fault. As people are eager to create a sense of community and camaraderie, and show that productivity hasn’t been in decline, many have shared screenshots of their conferences. While the intentions are undoubtedly good, this creates security concerns. Researchers were able to extract personal data from these screenshots of video conferences. This includes appearance, age, gender and name.

As people who aren’t so familiar with video conferencing get to grips with softwares, there’s room for mistakes and missteps. It might seem overwhelming, but learning the basics of video conferencing security is important and simpler than you think! Many of the steps to maximise your video conferences’ security are more or less common sense. These are habits that you’ll form in no time, and which will make a world of difference to your security.

Read on for our top tips to address all your security concerns before, during and after your video conferences.

Before the video conference

Even before the call starts, video conferencing security should be front-of-mind. In fact, it should be a top-tier priority in the very first steps of organising a video conference. We’re talking, of course, about choosing your video conferencing service.

What to look for in a video conferencing provider

The service you choose is paramount; you’re putting a lot of trust, and generally a lot of personal information, in its hands. It deserves a good amount of thought!

There are a couple of different aspects to consider as you whittle down your video conferencing options.

1. Video conferencing encryption

It’s important that all of the information you share while video conferencing is encrypted. Essentially, that means the information is scrambled, so that if it’s somehow intercepted it makes no sense to anybody!

Look for a provider like Call.Group which encrypts all its video conferences. We use hop-by-hop encryption, encrypting every stage of your call separately. The video call from every participant to our servers carries encryption. Our servers decrypt the video call they receive, and re-encrypt it. Then they forward it to other video participants. So you can see each other but no other prying eyes will.

2. Think about how your video conferences will be accessed

Some providers only require someone to know a video call’s room number to join. This has led to notorious security breaches. Even the likes of Prime Ministers aren’t immune!

To minimise your security vulnerabilities, look for a provider that makes it more challenging to join a call. For example, Call.Group video conferences require not only the unique room number, but a secure PIN. This adds an extra layer of security to your video conferences.

3. Multi-factor authentication boosts your video conferencing security

Look for a provider which requires multiple levels of authentication to log into your conferencing account. That way, you’ll know it’s extremely difficult for anybody to hack your account and get hold of any information.

4. Cyber-security still has physical aspects!

Some people forget that even digital firms need to be vigilant about physical security. But it’s worth paying attention to your video conferencing providers’ data centres and servers. Security vulnerabilities there can seriously impede your video conferences’ reliability and privacy.

Here again, Call.Group puts security first. All of Call.Group’s systems are in UK data centres with ISO and PCI DSS security frameworks. All physical and remote access is heavily restricted.

Remember video conferencing security as you invite people to the call

Once you’ve chosen a trustworthy provider, you’re ready to start planning your video conference. The most important part of that is, of course, your participants. After all, the whole point of conferencing is to communicate with others!

1) Guest lists: it’s crucial to think about exactly who should be on the call. This is a key element of planning the perfect video conference for many reasons, from productivity to morale. But perhaps the most important is for security. Think about what’s going to be discussed. Then, think: who really needs to know about it? Try to keep your guest list as exclusive as possible.

2) Sending invitations: be careful about how you share your dial-in details. Ideally, you’ll choose an encrypted communication method. That might be email, or an internal direct messaging software your company uses. You should absolutely never write down the details if they might be on view or fall into the wrong hands.

3) Brief your guests: once you’ve shared the dial-in details, a lot of responsibility is on your guests’ shoulders. You need to make sure they also know not to share the details. Remind them to guard them carefully. That means not having them on display on their screens when people are passing by. They also shouldn’t leave them on post-its stuck to their monitor. It’s up to them to generally educate themselves on video conferencing security. It might be helpful to point them to security guides like this one, so that they can be clued up on security best practices.

Planning when and where your video conference will happen

This can sound puzzling. After all, the point of video conferencing is that it’s mobile. Location doesn’t really factor into security, right?

Well, not quite. There are two important things to consider. Firstly, think about who is around you. Even if you’re wearing headphones, even if your screen is facing away from everybody, people can hear your contributions to the conversation. So, if you think you’re going to say anything that isn’t public knowledge, you should be in a private space.

The second thing is the security of your network. Remote workers often frequent coffee shops and other communal spaces. Unfortunately, though, connecting to shared and public Wi-Fi brings up a host of security concerns. In fact, many people advise against connecting to a public Wi-Fi ever, let alone for a secure video conference. There have also been troubling cases of specially designated Wi-Fi for remote workers leading to privacy breaches and information leaks.

Another thing to consider is if the computer itself is shared. Of course, it’s not unusual to work from a shared computer. It might be in an office, a remote working space, a library, or at home on a family device. In any case, it’s definitely something to think about. That’s especially true if you’ll download or circulate materials related to the meeting – including the recording. If it’s unavoidable that you use a shared device (and remember, you can always video conference from your own mobile!), be very careful about wiping any materials after you’ve finished.

You should absolutely aim to be in a private space, on a private network and a private computer to ensure your video conference is secure. Otherwise, you inevitably open yourself up to security vulnerabilities.

During the video conference

This is probably the part most people think about when considering their video conferencing security risks. It is undoubtedly important! As well as choosing the right provider to make sure your call runs smoothly and safely, there are extra steps you can take during the call to maximise your video conferencing security.

Location, location, location

For the people who skipped all the preliminary stuff, look up because there’s very important information above! It’s crucial that you think about your setting: who can hear you? Who can see your screen? What device are you using? What network are you on? Consider your cyber-location, so to speak – does your company require you use a VPN while working remotely? If you’re video conferencing from a browser, what browser are you using? Have you considered the security features it has in place? Similarly, look at your own security settings on that browser.

Also, don’t forget to remind all of your guests of this guidance, too. It’s no use you taking extra precautions, only for them to be video conferencing to the eyes and ears of a local cafe!

Think about what programs and files are open – on your computer and your desk

A really great feature of web conferencing is the ability to share your screen. But that means that you need to be vigilant about what’s on display both on your computer and in your physical surroundings.

Even having emails open but minimised can spell disaster. Things can be opened accidentally while you try to find the right presentation, and could be displayed to the whole conference.

It’s also critical that you think about what notifications might appear on your screen. Do previews of emails, text messages, and internal IMs appear? If so, it’s really important that you disable these ahead of the call. Or shut the applications down entirely. A confidential message could arrive, and you don’t want the whole call to see.

Likewise, think about what might be visible around you. Clear your desk and shelves of any sensitive information. It’s better to be safe than sorry.

Make use of call recording for video conferencing security

Call recording has a whole of host of benefits. For instance, one crucial example is the added security it can give to a video conference.

By recording the call, you’ll be able to verify exactly what was said, and who was on the line at any given moment. As a result, it can be a useful tool if there are any privacy breaches, or if there is any sort of legal dispute down the line.

Use the features offered by your video conferencing provider

Different features target different purposes, and sometimes even different audiences. That can also be true of softwares themselves! But what all users, all providers, and all conference calls have in common is that security always counts.

Whatever your conferencing provider, there will be features and modes that help boost your video conferencing security.

For example, Call.Group has the ‘Host required’ function. It means that the call can’t start until a Host is present. We also let you remove any guests who perhaps shouldn’t be present – to the call as a whole, or to certain sections of it.

With your Presentation room, you can also guarantee that there are no interruptions or outbursts. That room automatically mutes Guests’ cameras and microphones.

Finally, you should be sure to enable Multi-Factor Authentication. That way, you get the reassurance that your entire account is doubly protected.

After the video conference

You’ve finished the meeting, but not all the work! And we don’t just mean all the tasks you have to action before the next meeting. There are still steps you should take to maximise your video conferencing security.

Debrief your team with security reminders

We all know the importance of the debrief. It consolidates progress and reminds us of what to change and what the next steps should be. Similarly, it can really make a difference to morale, and show people just how much they are achieving.

But it also offers a vital opportunity to reinforce overarching ideas. One of these is the importance of protecting your video conference’s security. In other words, you should take the debrief as an opportunity to remind people to store the dial-in details very securely, and not to share them with anybody else. You should also be very clear about exactly what can and cannot be shared, and with whom. As a result, there will be no room for doubt or error.

Of course, be sure to treat the security of your debrief as seriously as all other communications. For example, in an ideal world you would choose an encrypted channel if you aren’t speaking face-to-face.

Don’t forget security when it comes to sharing the recording

Obviously a tool as powerful as video conference recording should be shared. After all, that will make the debrief, minutes or revision notes, and clarity on the next steps easier for everybody.

But all of your video conferencing security efforts are wasted if you don’t follow through all the way to sharing and storing the recording.

1) Again, you should be extremely selective when deciding who to share the recording with.
2) Think about how you share the recording. Once more, you should be choosing secure and encrypted channels.
3) How will you store your recording? This, too, should be encrypted, accessed with a password. You could even use MFA in addition to that.
4) Any recipients should be fully clued in to special security measures they should take when storing their copies of the recording, too.

With simple steps, video conferencing security is easy

In short, see, there are lots of steps you can take to maximise your video conferencing security. Be discerning when choosing your provider and guests. Be mindful when you decide where and when to join the call. Keep all communication and storage encrypted and password-protected. Clearly, these are all running themes and recurrent ideas. Once you nail down a couple of habits, the rest will feel like common sense, and it will all become second nature.

Firstly, choose a provider like Call.Group, who keeps security and privacy as a top priority. Then just be sensible and mindful with your own security practices. With those steps, you’ll be sure that video conferencing security isn’t a cause for concern.

Photo by Debby Hudson on Unsplash