Securing Video Conferencing
Today, cybersecurity dominates headlines as businesses of all sizes and across multiple industries are falling victim to data breaches and distributed denial of service (DDOS) attacks. Yet unified communications technologies have gained less attention in the security conversation. Security in this space is an important consideration for every organization, particularly since companies frequently share mission-critical information via conferencing solutions.
Cyber-attacks evolve at light-speed, and IT departments work day and night to protect their organizations from the latest threats. While the task can be daunting, it isn’t impossible to stay safe.
Here are four tips to ensure your conferencing solution and practices do not compromise your confidential corporate information.
- Understand Your Provider’s Security
As an IT manager, it is your responsibility to ensure the collaboration products and services you entrust your company’s information with are as secure as possible. When selecting a provider, ask the right questions to understand security on every level: the data, the backend, the desktop application, and the device.
Here are a few things to consider:
- Encryption: All data, whether at rest or in motion, needs to be protected. At a minimum, look for vendors who offer 128-bit AES (Advanced Encryption Standard) and TLS (Transport Layer Security) encryption by default. Also ensure that chat conversations are encrypted for all parties.
- Firewall: Be selective and identify providers who allow you to keep all applications, systems and devices behind your firewall, and one that manages traversal through authenticated servers.
- Updates: Firmware and software updates often include patches to vulnerabilities or newer, more robust security. The best solutions include automatic updates, which ensure the most timely and efficient security, and are generally made possible by a cloud-based service.
- Physical security: Where are your provider’s data centers, and are they safe? Ensure that all data centers are protected by 24×7 security, are regularly audited and protected against physical intrusion.
- Change Your Defaults
Changing your passwords – and usernames, for that matter – from default settings to a strong, complex passphrase is a fundamental security requirement.
In 2016, we saw numerous cyberattacks – the most publicly recognized was the infamous assault launched by the Mirai botnet. Mirai targeted webcams connected to the public internet leveraging a rather simple security flaw: default administrative passwords still in place.
Speaking of passwords, it is also wise to password-protect confidential meetings. Professional, enterprise-ready video conferencing providers offer this option.
- Secure Your Network – In the Office and at Home
Networks are often an entry point for cyber attackers. Unsecured, your network can be the gateway to your entire company – all of its information and all of its devices.
To secure your network, you can:
- Restrict access to essential, approved personnel
- Block certain e-mail attachment files, like .bas, .exe or .vbs
- Regularly test for security holes
Remote workers need to be equally vigilant about protecting their home networks.
This leads us to our final point.
- Educate Your Employees
According to the Verizon Data Breach Investigations Report, human error continues to be a leading cause of security breaches. People are often the weakest link when it comes to security, which makes it imperative for companies to take responsibility for educating their employees about how to stay safe online and across devices.
In security trainings, you should share these best practices for video conferencing:
- For remote users, offer education on how to secure home routers, such as instructions for turning on wireless network encryption or using a virtual private network (VPN)
- Set strong passwords for accounts and devices, and change them regularly
- Switch off equipment when not in use
- Join video conferences in private settings
- Ultimately, secure video conferencing requires a combination of built-in security technology and responsible employee activity in the office and at home. In today’s landscape, security can’t be an afterthought – especially when it comes to mission-critical meetings.
By Vineet Misra