With users relying more than ever on video collaboration, threats to its security are proliferating. While users and enterprises are familiar with headline-grabbing incidents such as Zoom bombing and malicious activities of malware creators and bad actors, the threat surface is far wider. Seemingly innocuous activities can pose significant threats. The introduction of AI and meeting assistants, usage of public Wi-Fi or insecure home networks, potentially compromised devices, access via mobile devices, lack of meeting passcodes, and failure to follow sign-on policies have all posed new threats to secure video collaboration.
Additionally, unauthorized access through weak passwords, data breaches from shared sensitive information, AI-powered impersonation attempts, and insecure storage of meeting recordings further complicate the security landscape. Even subtle actions like using unapproved video backgrounds or failing to blur personal spaces can inadvertently expose confidential information, underscoring the complex nature of safeguarding modern video collaboration platforms.
Subtle security risks
“It can be so subtle,” confirms Eric Peterson, the Principal Security Consultant at New Era Technology.
“In video conferencing, minor security lapses can occur when individuals choose to use unvetted AI assistants or recorders, unapproved video backgrounds, or fail to use background blurring, potentially exposing their personal spaces and confidential information to other participants.”
Peterson highlights that seemingly innocuous details visible during video calls can pose security risks. Personal items such as medication bottles on a desk or leftover lunch items in view of the camera can inadvertently reveal sensitive information about the user. These visual cues could potentially be exploited by malicious actors, compromising individual privacy and potentially the organization’s security.
Best Practices for Secure Video Collaboration
To enhance video conferencing security, Peterson recommends a multi-layered approach:
- Use unique meeting IDs for each session
- Implement password protection, especially for sensitive discussions
- Enable waiting rooms to vet participants before granting access
- Utilize robust participant management tools
“The best practice is to use a dedicated, secure network for video conferencing, so you segment and isolate video traffic,” Peterson explains. This approach, combined with end-to-end encryption and limited data collection, significantly reduces the risk of unauthorized access or interception of video communications.
Organizational policies and user behavior
Organizations should reinforce policies and ensure that IT departments clearly communicate acceptable practices. Many weaknesses and threats are introduced by non-malicious activities or employees who believe they are helping to be more productive and efficient.
“It’s amazing to see how many different types of apps users download and install,” adds Peterson. “There’s no justifiable need to download the Tor Browser (to access the dark web), BitTorrent clients, file sharing apps, cryptocurrency mining software amongst others on a work device, but people think it’s OK.” These applications can introduce significant security risks, including malware, data leakage and potential legal issues.
Securing home networks
For remote video collaboration, Peterson emphasizes the importance of securing home networks. “Organizations should provide clear guidelines on home network security,” he advises. This includes:
- Requiring the use of WPA3 or WPA2 encryption
- Implementing strong, unique passwords for Wi-Fi networks
- Ensuring employees use a company-provided VPN when accessing sensitive information
Organizations should also consider providing employees with enterprise-grade antivirus software and regular cybersecurity training to address the unique challenges of remote work environments.
New Era Technology SecureBlu security services
To help organizations ensure secure video collaboration, New Era Technology offers SecureBlu, its direct interface for security and risk management providing:
- Security posture assessments, business impact analysis and risk reviews
- vCISO and trusted advice on security audits and regulatory compliance
- Incident response coordination (e.g., during a ransomware attack)
- Much more!
Conclusion
“End-to-end encryption is vital to secure video collaboration,” concludes Peterson. “Having that monitoring and visibility into the video network traffic ensures anomalies and threats can be identified and acted upon.” However, it’s important to note that while major providers like Teams, Zoom, and Webex offer E2EE, its implementation often comes with limitations on group size and feature availability. Organizations must carefully balance their security needs with functionality requirements when implementing E2EE. Peterson emphasizes, “Organizations must set clear policies regarding how users should react if there is Zoom bombing or unauthorized participant, how links should be shared, and how all the subtle points of weakness can be addressed to minimize the threat surface.”
By implementing comprehensive security measures, fostering a culture of awareness, and staying ahead of emerging threats, organizations can significantly enhance their video collaboration security posture. This approach safeguards against both obvious and subtle risks in today’s rapidly evolving technological environment. As video conferencing becomes increasingly integral to business operations, maintaining robust security practices is crucial for protecting sensitive information and ensuring seamless communication in our interconnected world.