In a recent survey conducted by market research firm Propeller Insights of 1,000 IT professionals, respondents reported significant concern about the cybersecurity of their video conferences. They said they see a growing number of cyber threats and foreign attacks capable of impacting video conferencing and 97% said they would want to know about a solution for enhanced video conferencing security. The reality is that although cybersecurity is a focus of the Biden administration – which was signified by the president signing an executive order to improve the nation’s cybersecurity in January of 2021 – video conferencing cybersecurity has curiously not been spotlighted despite the shift to remote and hybrid work. Overall, the findings of this survey suggest that video conferencing should be much more than an afterthought.
Other statistics of the survey
The majority of the respondents (89%) reported concern about foreign attacks as they see a rise in threats. And 79% said that they were very knowledgeable about the concept and framework of Zero Trust cybersecurity, with 86% stating that their company had Zero Trust cybersecurity policies in place. All of the respondents’ concerns are indicative of a need to focus on beefing up video conferencing platforms with tighter security features and that video conferencing cybersecurity needs to be highlighted within the realm of cybersecurity.
But what exactly is Zero Trust and what is its connection to video conferencing?
On the heels of the infamous SolarWinds hacking, which went undetected for months, technologists devised guidelines for authenticating and authorizing each individual user of a platform. The National Institute of Standards and Technology (NIST) established recommendations and guidelines for Zero Trust cybersecurity which comprise a Zero Trust framework, a "strategic approach to cybersecurity that secures an organization by eliminating implicit trust and continuously validating every stage of a digital interaction."
With the most proprietary and private corporate information shared through video conferencing today and with remote and hybrid work here to stay, it behooves organizations worldwide to ensure that their collaborative communications platforms are in compliance with this framework, preventing bad actors from obtaining access to data. This is especially important across critical industries and sectors requiring compliance (i.e., HIPAA in healthcare).
Steps companies can take to ensure safety in video conferencing
The way we see it, each and every conference participant must be individually authenticated and authorized before entering a particular conference. After all, that is the crux of Zero Trust as defined above. With that in mind, sending the same passcode (or link) to all participants isn’t going to protect users, it is essential that a unique passcode or push message is generated for each user and for each and every conference.
It is also imperative to classify which tier of conference a specific meeting is. Is it a high level meeting that requires the tightest of controls (i.e. one that pertains to a discussion about a merger and acquisition) or a more relaxed meeting where proprietary information is not shared (i.e., welcoming a colleague back from maternity leave)? Once you have classified the level of the conference (“Level One” being more relaxed and “Level Four” being the most critical), you can decide which specific measures need to be taken to protect it.
"Layering" is key to security in collaborative communications. Most of the popular video conferencing companies ask that you download desktop client software, which is quite problematic when protecting critical data. Bad actors can steal information from desktops, video streams, microphones and audio equipment. They can also capture a user's keystrokes and steal screenshots. Good cybersecurity measures assure that these hacking methods don't happen.
Other recommendations for secure video conferencing
Following are examples of measures that can be taken to protect video conferences:
- Rather than using a desktop, have entirely web-based conferencing, eliminating exploitable desktop clients.
- Ensure that there is fool proof, multi-factor authentication (MFA)
- There should be keystroke protection (a method of protecting everything typed into a keyboard)
- Establish out-of-band authentication (so communication channels used to authenticate each-user are separate from the channels used to sign in)
- Verify users with biometrics technology (i.e., fingerprint identification and facial recognition).
- As mentioned above, when looking at video conferencing vendors, other things to consider include: assessing the platform's ability to prevent screenshot capture and protect cameras, microphones, speakers, keyboards and clipboards.
The video conferencing space used to be a $2 billion one before Covid and is now at $100 billion. This occurred within only two years, which is a staggering statistic when you wrap your head around it. Since video conferences have become the fabric of corporate America and business interactions worldwide, we must pay much more attention to these platforms' security features to protect businesses today. The above-mentioned survey’s results attest to the fact that this is an area of growing concern and one to greatly consider when it comes to achieving good overall organizational cybersecurity hygiene.
