When it comes to online security, there is something about webcams that gives people the jitters.
We are all aware of the risks posed by malware, by hackers breaking their way into sensitive company databases, by cyber fraud and digital identity theft. But if you want to single out the threat which terrifies people above all others, being spied on directly through a compromised IP camera ranks right at the top.
Five years ago, the chief security officer at a Boston-based cyber security firm demonstrated the threat this posed to businesses by hacking into the video conferencing systems of a dozen corporations around the globe. In doing so, he highlighted several risks insecure teleconferencing could pose.
Confidential and sensitive information is routinely discussed within the privacy of a meeting room. Once you create an access point into that room via internet-ready cameras and microphones and live stream broadcasts, you inevitably create vulnerabilities. Video conferencing is widely used to enable discussion on the most important aspects of business right up to executive level. Details of finances, contracts, acquisitions, employment and product patents are all likely to be divulged at one point or another.
Having trade secrets stolen by snoopers is one widespread fear associated with video conferencing. Another is the fact exposing certain categories of data to the wrong people in the wrong way – and it need not even be hackers we are talking about – can lead to serious compliance issues with data protection regulations, for example, GDPR.
These revelations about teleconferencing security caused widespread concern. That, however, was five years ago. Since then, huge strides have been made in recognising the data vulnerabilities all types of networked systems create, and how to fix them.
If you operate a video conferencing system, security should be a key priority. On the technical side, security protocols have improved no end in the past five years, not least because of the rise of hosted cloud-based conferencing services which include advanced security measures as part of the package. But best practice with video conferencing security also starts in the workplace and must be built into the culture of how teleconferencing equipment is used.
Below, we outline some of the key considerations for ensuring your business uses video conferencing safely and securely.
1 – Prioritise network security
It seems obvious with hindsight, but most of the vulnerabilities people fretted over in the past were caused by one very basic error. It is easy to assume that when you add a new set of applications or hardware to a network you believe to already be secure, they will automatically be protected by existing firewalls and so on.
This is not the case. Video conferencing endpoints and platforms will often need their own Session Border Controller (SBC) to manage traffic, including looking out for and blocking suspicious connections. This is is because they use different protocols to, for example, your VoIP or ordinary data connections. Firewalls also need to be configured accordingly, and network settings should be reviewed regularly to make sure they are up to date.
2 – Encryption is essential
Alongside network security, encryption is another absolute must for video conferencing security. On top of stopping snoopers from getting into the system, encryption secures the content of communications by scrambling them in transit using a digital code.
The industry standard for video conferencing encryption is now a minimum of 128-bit AES. To put that into context, it would take a computer a billion billion years to crack 128-bit encryption using so called ‘brute force’, or simply trying out all the combinations – in other words, it is virtually impossible.
Updating your video conferencing platform is a sure way of guaranteeing strong encryption. If you want additional levels of assurance, you can go up to 256-bit AES, and also use tricks like asymmetric encryption, where different codes, or ‘keys’, are used by different devices to encode and then decode the messages.
3 – Protect yourself with permissions
Not all data breaches are caused by hackers intentionally breaking into your systems looking for what they can steal. Video conferencing can quickly lead to security issues if the wrong people are inadvertently given access to communications they shouldn’t see, for example by using open virtual meeting spaces for private meetings, or not getting the settings right when inviting participants.
Permissions are your friend here. By creating different access levels for different types of conference, you build in control over who can access what. Many video conferencing platforms now support the creation of dedicated groups, tying in with the team collaboration platforms they are increasingly closely associated with. Whatever groups you create – executive team, marketing, communication with a certain supplier – only the members of that team can ever access video communications between members.
It is also good practice to password protect conferencing groups, and especially so if you plan to use virtual meeting spaces.
4 – Create a safe use policy
Using the most advanced network security and encryption options available will count for little if people in your organisation do not know how to use teleconferencing securely. Human error still accounts for the majority of digital data leaks. Common mistakes people make with video conferencing include:
- Connecting to teleconferences remotely on a mobile device via unsecured WiFi, for example from a hotel or other public place. This will undermine whatever security protocols you have in place in your own offices and on your own equipment
- Switching encryption off inadvertently, or not knowing how to set it up properly on their own devices
- Inadvertent exposure, such as having sensitive documents on display during a video call to someone who shouldn’t be able to see them
- Poor password practice, such as using weak codes that are easy to guess or not updating them regularly enough
To guarantee safe video conferencing practice, staff need educating. Drawing up a clear set of policies for how to use the system, how to use mobile and remote devices securely and best practice for keeping data safe via video links generally should be backed up by appropriate training.
