The Covid 2019 pandemic has completely changed the way many businesses work. Nowhere is this better seen than in the meteoric rise of video conferencing.Just in the first two months of the start of the Covid 2019 pandemic, the video conferencing market went up 500%. Of course, this doesn’t mean that the market was stagnant before, but just for comparison, the increase between 2017 and 2019 (two-year period) was “only” 48%.Of course, as more and more companies use video conferencing systems, this also opens up new attack vectors and security risks. In this article, we’ll talk about the threats of video conferencing, as well as the best practices and apps for data protection that you should be employing.
Main Video Conferencing Risks
We can put video conferencing risks in two groups :
- Privacy;
- Security.
For instance, when it comes to privacy risks, the danger lies in either :
- Agreeing to share too much data with the video conferencing platform, which can then sell your data to a third party without your knowledge or consent, or;
- Leaving your camera unattended or getting it infected with spyware, allowing hackers to spy on you, and broadcasting corporate secrets.
On the other side, we have the security risks. Today, the video conferencing market is already worth billions, but it’s estimated that it will be worth nearly $25 billion by 2028.This naturally means that the players are all vying for their piece of the market share and are looking for new ways to improve their usability. Unfortunately, this is often done at the expense of security features.
Video Conference Privacy and Security Best Practices
Now let’s go over some important video conferencing security and privacy best practices that you need to follow to protect your own, company, and client data.1) Keep your software up to dateHere, we don’t mean just the video conferencing platform, but also the webcam software, microphone, etc. Keep your software and apps updated regularly to give hackers less chance to find and exploit their weaknesses2) Don’t use the same meeting ID twiceWhile reusing meeting IDs may be more convenient for sharing, it also gives the chance to squatters to come in uninvited to your meeting.3) No admittance without a passwordA good way to prevent someone from just joining a video conference and disrupting it, or worse, stealing data is to add a meeting password. While this will somewhat reduce user experience and create friction, it’s much better to add this layer of security than risk having what’s going on in the meeting room known to unauthorized people4) Verify attendees in the waiting roomThe waiting room is an often neglected feature that many video conferencing platforms have, but it’s a good idea to use it to verify attendees before you allow them to the actual meeting5) The host/administator starts the meetingIn some video conferencing platforms, the meeting starts when the first guest arrives. That’s not a good idea and it can be a security risk especially if the meeting link is forwarded. Instead, ensure that the meeting starts officially only when the host or organizer says so6) Be transparent about the meeting being recordedSome people will not be comfortable talking about sensitive information if the meeting is being recorded, for privacy reasons. For their sake, remind your guests that the meeting is being recorded7) Disable chatWhile it can be useful to have the chat option on during video conferencing calls as it allows you to share files without disrupting the conversation that’s going on, this is not always necessary.In fact, turning chat off will prevent sharing malicious links and documents or leaking sensitive information8) Control who can share their screenThe danger of screen sharing is that users can end up sharing more than they intended. To prevent this, only the host should be able to share their screen. If others need to share, it’s best to give them the necessary permissions before the meeting begins9) Use a backgr0und blur or a virtual backgroundDo you remember that BBC News interview from 2017 that got interrupted by the guy’s kids? Of course, these things happen and while they can be funny and cute (like in this situation), they are nevertheless distracting during business meetings, and using virtual backgrounds or just blurring your screen can help prevent such mishaps and keep the call going uninterrupted10) Use end-to-end encryptionAny online data sharing, whether via email or video calls, should go through end-to-end encryption. Fortunately, most video conferencing solutions today have end-to-end encryption so all you need to do is enable it in the security settings.
What are the Best Video Conferencing Platforms?
Today, the video conferencing market is dominated by Zoom, which holds a 50% market share, followed by Microsoft Teams at 23%.However, the rapid rise of Zoom (see the graph below) also means that Zoom is the biggest target for hackers and in April 2020, 500,000 Zoom accounts were sold on the dark web.With this in mind, if you want to keep your video meetings private, consider some of these video conferencing platforms as an alternative for secure collaboration:
Signal
Signal is more and more gaining prominence as a free and secure video conferencing app that includes strong E2EE protection for y0ur video calls and accounts. In addition, unlike some other apps, Signal asks for permission to access your webcam and microphone (and doesn’t just “assume” that you allow it).That said, while Signal has a lot to offer when it comes to security features, group calls are limited to only five users at the most. This makes Signal less than ideal for business meetings and more as a peer-to-peer solution.
Wire
Wire is another free, open-source app for video and voice calls that boasts strong security and privacy features, including end-to-end encryption, secure file sharing, and even the ability to set the timerIn addition, as an admin, you have very strong control as you can add/remove people, access history as well as set a timer to destroy messages after a certain time.Unfortunately, there are some privacy-related issues as Wire logs some personal data and also requires an email address or a phone number to register.
Jitsi
Jitsi is an open-source video conferencing software founded at the University of Strasbourg, France by Emil Ivov (the name comes from the Bulgarian word for “wires” -“жици”) which today has over 20 million active users.Jitsi uses ZRTP end-to-end encryption, developed by Phil Zimmerman for VoIP, which is based on the Diffie-Hellman key exchange and the Short Authentication String (SAS) for authentication.However, the big shortcoming of Jitsi is the lack of file sharing options, making collaboration difficult.
Conclusion
As we started practicing social distancing because of the Covid 19 pandemic, video conferences have become the norm for both private and business meetings. However, many popular video conferencing technologies have their security shortcomings (Zoom added E2EE only a year ago) that may endanger your confidential information, understanding the best privacy and security practices and the biggest threat actors is a must.We hope that this article has given you an idea on how to best ensure your own, your company’s and personal client data is secure while you’re having a video conference call.