Just in the first two months of the start of the SARS-COV-2 pandemic, the video conferencing market went up 500%. Of course, this doesn't mean that the market was stagnant before, but just for comparison, the increase between 2017 and 2019 (two-year period) was "only" 48%.
Of course, as more and more companies use video conferencing systems, this also opens up new attack vectors and security risks. In this article, we'll talk about the threats of video conferencing, as well as the best practices and apps for data protection that you should be employing.
Main Video Conferencing Risks
We can put video conferencing risks in two groups :
For instance, when it comes to privacy risks, the danger lies in either :
- Agreeing to share too much data with the video conferencing platform, which can then sell your data to a third party without your knowledge or consent, or
- Leaving your camera unattended or getting it infected with spyware, allowing hackers to spy on you, and broadcasting corporate secrets
On the other side, we have the security risks. Today, the video conferencing market is already worth billions, but it's estimated that it will be worth nearly $25 billion by 2028.
This naturally means that the players are all vying for their piece of the market share and are looking for new ways to improve their usability. Unfortunately, this is often done at the expense of security features.
Video Conference Privacy and Security Best Practices
Now let's go over some important video conferencing security and privacy best practices that you need to follow to protect your own, company, and client data.
1) Keep your software up to date
Here, we don't mean just the video conferencing platform, but also the webcam software, microphone, etc. Keep your software and apps updated regularly to give hackers less chance to find and exploit their weaknesses
2) Don't use the same meeting ID twice
While reusing meeting IDs may be more convenient for sharing, it also gives the chance to squatters to come in uninvited to your meeting.
3) No admittance without a password
A good way to prevent someone from just joining a video conference and disrupting it, or worse, stealing data is to add a meeting password. While this will somewhat reduce user experience and create friction, it's much better to add this layer of security than risk having what's going on in the meeting room known to unauthorized people
4) Verify attendees in the waiting room
The waiting room is an often neglected feature that many video conferencing platforms have, but it's a good idea to use it to verify attendees before you allow them to the actual meeting
5) The host/administator starts the meeting
In some video conferencing platforms, the meeting starts when the first guest arrives. That's not a good idea and it can be a security risk especially if the meeting link is forwarded. Instead, ensure that the meeting starts officially only when the host or organizer says so
6) Be transparent about the meeting being recorded
Some people will not be comfortable talking about sensitive information if the meeting is being recorded, for privacy reasons. For their sake, remind your guests that the meeting is being recorded
7) Disable chat
While it can be useful to have the chat option on during video conferencing calls as it allows you to share files without disrupting the conversation that's going on, this is not always necessary.
In fact, turning chat off will prevent sharing malicious links and documents or leaking sensitive information
8) Control who can share their screen
The danger of screen sharing is that users can end up sharing more than they intended. To prevent this, only the host should be able to share their screen. If others need to share, it's best to give them the necessary permissions before the meeting begins
9) Use a background blur or a virtual background
Do you remember that BBC News interview from 2017 that got interrupted by the guy's kids? Of course, these things happen and while they can be funny and cute (like in this situation), they are nevertheless distracting during business meetings, and using virtual backgrounds or just blurring your screen can help prevent such mishaps and keep the call going uninterrupted
10) Use end-to-end encryption
Any online data sharing, whether via email or video calls, should go through end-to-end encryption. Fortunately, most video conferencing solutions today have end-to-end encryption so all you need to do is enable it in the security settings.
What are the Best Video Conferencing Platforms?
Today, the video conferencing market is dominated by Zoom, which holds a 50% market share, followed by Microsoft Teams at 23%.
However, the rapid rise of Zoom (see the graph below) also means that Zoom is the biggest target for hackers and in April 2020, 500,000 Zoom accounts were sold on the dark web.
With this in mind, if you want to keep your video meetings private, consider some of these video conferencing platforms as an alternative for secure collaboration:
Signal is more and more gaining prominence as a free and secure video conferencing app that includes strong E2EE protection for y0ur video calls and accounts. In addition, unlike some other apps, Signal asks for permission to access your webcam and microphone (and doesn't just "assume" that you allow it).
That said, while Signal has a lot to offer when it comes to security features, group calls are limited to only five users at the most. This makes Signal less than ideal for business meetings and more as a peer-to-peer solution.
Wire is another free, open-source app for video and voice calls that boasts strong security and privacy features, including end-to-end encryption, secure file sharing, and even the ability to set the timer
In addition, as an admin, you have very strong control as you can add/remove people, access history as well as set a timer to destroy messages after a certain time.
Unfortunately, there are some privacy-related issues as Wire logs some personal data and also requires an email address or a phone number to register.
Jitsi is an open-source video conferencing software founded at the University of Strasbourg, France by Emil Ivov (the name comes from the Bulgarian word for "wires" -"жици") which today has over 20 million active users.
Jitsi uses ZRTP end-to-end encryption, developed by Phil Zimmerman for VoIP, which is based on the Diffie-Hellman key exchange and the Short Authentication String (SAS) for authentication.
However, the big shortcoming of Jitsi is the lack of file sharing options, making collaboration difficult.
As we started practicing social distancing because of the Covid 19 pandemic, video conferences have become the norm for both private and business meetings. However, many popular video conferencing technologies have their security shortcomings (Zoom added E2EE only a year ago) that may endanger your confidential information, understanding the best privacy and security practices and the biggest threat actors is a must.
We hope that this article has given you an idea on how to best ensure your own, your company's and personal client data is secure while you're having a video conference call.
Looking for email security best practices? Check them here.