In recent years, video conferencing has become increasingly common among healthcare providers, banks, and small businesses — and in the wake of the current global health crisis, video communication has become an indispensable tool as employees have been compelled to work from home.
But alongside the sharp spike in remote work scenarios and digital use, cyber risks have increased too. Info Security Magazine reported that hacking and phishing have risen 37% month-over-month, while cyber threats, in general, have increased up to six times. With employees making video calls from home networks with active microphones and cameras, the attack surface is even greater for cybercriminals.
Now more than ever, companies need to secure the way they communicate digitally, especially when it comes to video conferencing. To avoid the exposure of sensitive information, your organization should build video conferencing policies around best practices and select a vendor that adheres to a high level of security standards for their technology and services.
Secure Practices for Video Conferencing
It’s important to have clear policies and procedures to prevent would-be hackers from eavesdropping or interrupting calls, or stealing data shared during calls.
To secure your video calls, follow these best practices:
- Only authorized users from your organization should be able to set up video rooms.
- Regularly change access codes and links for video rooms.
- For sensitive topics, set meeting room PINs and distribute them immediately beforehand.
- Never use the same PIN twice.
- Use a pre-conferencing room to identify and approve all attendees, then move to the conference room and lock the call.
- Disable features you don’t need i.e., screen share, file share, attendee mics and cameras.
- Remove confidential or private information from the camera view.
- Require multi-factor authentication for use of remote control cameras.
- Only share highly sensitive information if all attendees are using a company-issued device.
- Don’t record calls unless absolutely necessary.
- Encrypt recorded calls.
- Have predetermined criteria for when it’s appropriate to record, and who may record.
- Delete any recording stored on the video conferencing platform.
- Do not allow the use of personal devices.
Especially prior to calls that will be recorded, remind participants to clear their virtual and physical workspace to not inadvertently share any sensitive information. Part of any virtual security program should also include periodic employee training to ensure they are aware of these best practices and following them.
Maintaining a secure video conference environment also means selecting a reliable video tool and service provider.
Vetting Your Video Conference Service Provider
If your organization already has a video conference tool, first make sure you have installed all software and system patches. If your current tool is more than five years old, it’s important to make sure the vendor has updated the underlying technology to keep pace with emerging threats.
Some factors that determine the security of a video conferencing platform include the type of data encryption used, how data is managed, and third-party video access authentication.
To secure networks and the content shared over them, video conferencing providers should encrypt machine-to-machine data traffic. The National Institute of Standards and Technology (NIST) calls for an Advanced Encryption Standard (AES) of 128 bits for audio and video content.
Secure data management and storage also means that your vendor should work with trusted data centers that have been independently vetted for security. Web service providers should be compliant with NIST guidelines and SOC 2 cloud service practices.
Finally, your selected video conferencing platform should have a built-in mechanism to ensure calls remain secure, and only trusted parties are allowed to join. This includes the generation of unique usernames, meeting IDs, an authentication process for third-party attendees, and self-destructing log-in credentials.
Security By Design with Vidyo
Vidyo’s Communication-as-a-Service (CPaas) empowers enterprises to embed high-quality videos easily into their existing applications and communication workflows. Our platform is built around the principles of confidentiality, integrity, and availability of data shared over networks. We ensure seamless and secure video communications by:
- Encrypting calls and content at AES 256 bits, well above the industry standard of 128 bits.
- Updating our cyber defenses regularly to meet emerging threats published on NIST National Security Database, MITRE Cybersecurity Registries, the Open Web Application Security Project, and other industry watchdogs.
- Using accredited third-party security companies to assess the cyber readiness of our products and services and the cyber readiness of our web service partners.
Vidyo has processes to continuously monitor, qualify, and manage new and emerging security threats. From hiring decisions to the encryption of virtual meetings, security is designed into every aspect of Vidyo to ensure video conferencing facilitates secure communication for all of our clients.