Video Conferencing Security in a Hybrid Work Environment

August 30, 2021

 

Video conferencing is a critical tool for hybrid and fully remote employees. It plays a vital role in keeping employees connected and productive. However, as can be expected, anything being used consistently by many workers will also become an attack target of bad actors. Aside from external threats — such as software security vulnerabilities that could result in remote code execution, remote controlling of webcams unbeknownst to the participant or denial-of-service attacks — there are basic hygiene and video conferencing security best practices that will help keep this critical communication tool safe and more private for employees and their employers.

Here are 10 tips to help enterprises adapt to a video conferencing-enabled workforce and set them up for the long haul to host remote meetings in a secure and private manner. Note, these are general recommendations, not vendor-specific ones. Not every product will support these features, but if available, they should be implemented. This list can also serve as a way to qualify existing tools versus other options on the market.

1. Enforce meeting starting rights
Some video conferencing platforms have the option to start a meeting as soon as the first guest arrives — much like a physical meeting, where attendees stream into a conference room before the host and start chatting. Organizations should disable this option if the meeting requires the host to control the official start of the meeting. This is also critical with meetings getting forwarded and unapproved individuals attending.

2. Enable the waiting room and verify attendees
Beyond enforcing meeting starting rights, using a waiting room option enables meeting coordinators to hold participants until they are granted access. This will further ensure any unwanted guests don’t attend.

4. Add a meeting password
Beyond creating a unique meeting ID for each meeting, be sure to add a meeting password. While this adds some user friction, it also adds a layer of needed protection, particularly for critical meetings. In the face-to-face world, password authentication would be the equivalent of recognizing each other’s faces in a physical conference room. Ensure passwords are strong, and only provide passwords to authorized attendees.

5. Lock the meeting once quorum is reached
Similar to physically locking a room after all the attendees have arrived, many tools can virtually lock the room after all virtual attendees have checked in. This prevents any unauthorized entrants.

6. Remind attendees if a meeting is being recorded
Most tools have a recording option. If a meeting is going to be recorded, for privacy reasons, make it a point to announce this at the beginning, halfway through — for employees who may have joined late — and at the end of the meeting.

7. Use a virtual background
With more than one remote employee sharing a house or workspace, having the ability to blur or replace the screen’s background is a critical privacy feature. For example, Zoom and Microsoft Teams have virtual backgrounds and offer background blurring. These features prevent any accidental snafus and enable team members to stay focused even in the presence of distracting background activities.

8. Treat the chatroom with caution
As users get more comfortable with video conferencing platforms, additional communication capabilities the programs offer, such as chatrooms, will gain traction. Caution employees to never share confidential information or files in chatrooms. Also, be cautious of potentially malicious links in chatrooms.

9. Keep software up to date
With many user devices — laptops, phones and tablets — at home, the ubiquitous conferencing tool is likely installed on more than one. And, with these tools in the crosshairs of attackers and ethical hackers alike, the frequency of software updates for critical flaws is likely going to increase as well. Be diligent in updating these video conferencing apps more frequently on all devices.

10. Use encryption
When evaluating video conferencing software, ensure it offers encryption capabilities — end-to-end encryption, if possible. Once installed, enable the available encryption features on the tool.

Cybersecurity with Lighthouse Technology Partners
Lighthouse Technology Partners is an award-winning, strategic IT Provider delivering managed IT services, cyber security and cloud consulting for the modern workplace. We have over 35 years dedicated to bringing enterprise-ready solutions and security to small and mid-sized businesses across North America.

Have questions? Feel free to contact Lighthouse Technology Partners today for a free consultation.