Video conferencing has become a core technology component for keeping operations moving forward in today’s business world. However, that growth has also led to privacy and security concerns, raising questions about these platforms and their ability to protect users while keeping sensitive information and data completely secure. Of note, Zoom’s platform usage jumped significantly post-COVID, yet one unfortunate byproduct of this dramatic increase was the exposure of several security flaws.
It is clear there are vulnerabilities to video conferencing that make cybersecurity protocols vital to the experience. Other popular platforms like Microsoft Teams and GoToMeeting have also noticed their share of privacy and security issues like those mentioned above.
With a hybrid of in-office and remote work seemingly here to stay, there is an added emphasis for businesses and the public sector to ensure that their virtual collaboration tools provide adequate privacy and security. If these widely used platforms are not able to address these key security concerns, they will continue to be easy targets for hackers with nefarious intent looking to compromise personal data.
The U.S. has started encouraging businesses and government agencies to be more aware of inherent cyber risks in today’s environment. This is especially true of the country’s economy and infrastructure, and healthcare facilities. The recent Executive Order on Improving the Nation’s Cybersecurity, focusing on a zero-trust model for managing access and authenticating users, is a step in the right direction after a string of government warnings harkening back to last spring.
In March of 2020, The FBI’s Boston office issued a warning about video conference and online classroom hijacking where they recommended exercising “due diligence and caution in your cybersecurity efforts.” New York’s attorney general sent a letter to Zoom outlining concerns about the company’s security measures to detect hackers and handle increased traffic on its network.
While the company responded to these issues by implementing a range of security improvements, including end-to-end encryption, the consensus is that these baseline security features should have been in place from the start. Even after new features were put in place, senators continued to question federal agencies’ safety while using the service openly.
Must-Have Video Conferencing Security Features
When choosing a video conferencing platform for your organization, it is imperative that cybersecurity is a top priority. While almost every platform offers some level of security these days, the key is finding the right mix of features that will ensure the highest levels of protection. Here are some recommendations for “must-have” cybersecurity features that will keep organizations and their communications safe:
- Encrypted audio and video: This might seem like a no-brainer, but it wasn’t until recently that Zoom started to do this. Without this key feature, anyone can eavesdrop on a conversation and see what’s on the camera unbeknownst to the user. With fully encrypted audio and video, on the off chance a cyber-attacker can break through this line of defense, there is not much they can hijack that is worth any value because what is being spoken and seen is entirely encrypted.
- Meeting authentication: Besides providing the option to require a password, most platforms fall short concerning authentication. Proper authentication is quite literally the first line of defense, and it should be taken most seriously. Without it, it is near impossible to identify meeting attendees as who they claim to be. Additional video conferencing features should include:
- One-time passcodes (OTP): Users are sent a unique code to access the meeting that can only be used once.
- Two-factor (2FA) and multi-factor authentication (MFA): This requires the user to provide two or more verification factors to gain access to a meeting. 2FA and MFA are commonly used in conjunction with an OTP as an additional verification factor.
- Out-of-band authentication (OOBA): This is a type of 2FA that requires a secondary verification method through a separate communication channel. For example, one channel could be the user’s internet connection on their computer, while the other could be their wireless network connection on their mobile device. OOBA is regarded as the most secure method of authentication.
- Biometrics: This entails a unique physiological or behavioral trait captured to confirm the individual’s identity, such as their fingerprint, facial recognition or a retina scan.
- Endpoint protection: This feature protects endpoints from a new type of spyware that can steal a video conference’s audio & video portion.
- Anti-keystroke logging: This prevents undetected keyloggers from capturing any keystrokes typed on a computer or mobile device keyboard.
- Anti–screen capture: This is a feature that eliminates the risk of unauthorized screenshots from taking place.
- Clipboard protection: This feature prevents copied clipboard data from being stolen by malware.
Protecting Data and Sensitive Conversations Should be the Leading Priority
The video conferencing market is seeing stellar growth heading into 2022 as the business world continues to face uncertainty around the future of in-office work. As cyber-attacks and disruptive virtual meeting incidents become more common, it is imperative for organizations, regardless of size and in both the public and private sectors, to take a closer look at their communications tools to ensure total organizational safety and security. This entails going beyond just training and vigilance, so companies can feel confident that they can meet the numerous cyber-related threats and challenges that lie ahead.
George Waller EVP and Co-Founder of StrikeForce Technologies | infosecurity-magazine.com