Staying Protected While Connected – Video Conferencing Best Practices for Businesses and Consumers

The COVID-19 (coronavirus) pandemic has drastically altered today’s working environment with a seemingly ever-increasing number of workers being forced to telecommute while organizations are quickly digitalizing their processes and capabilities to ensure continuity.

Notably, there’s been a massive surge in video conferencing over the past several weeks – it’s a great tool for friends and family to stay connected, for students to continue classes online, and for workers to ensure productivity throughout the workday.

As with all digital and online tools, there are inherent security risks associated with utilizing video conferencing platforms – some concrete steps that consumers and organizations alike can take now to improve security include:

Making sure physical environments where participants will be video conferencing from have been secured in advance. Specifically, it’s important to remember to remove sensitive information, in any form, from viewable locations, such as on computer screens, whiteboards, etc.
Ensuring that all “smart” – Internet of Things (IoT) – listening devices, such as digital assistants, in the vicinity of where work is being performed are turned off and completely shut down.
Securing the network through which the video conference will occur. You should require ID and password authentication to get onto the wireless network and use the strongest level of encryption for Wi-Fi traffic so that those with access to any part of the transmission pathway will not be able to inject themselves into the communication. You should also keep wireless networks, as well as remote and online meeting tools, patched and updated – it’s important to do this as soon as possible after new code is released.
Using end-to-end encryption. Not just in regard to transmission of the meeting that is going on through the Internet, but also encryption at your device. If encryption isn’t utilized, then others who have access to your device will still be able to see, and possibly access, your meeting through your own device.
Making sure to follow your business information security and privacy policies if using a video conferencing tool for business meetings. Each organization should have a policy and procedure indicating the acceptable video conferencing tools that are approved to use for business purposes. For those that do not have such policies and procedures in place, many may be currently working to implement them.

Additionally, consumers that are utilizing video conferencing as a means of staying connected with friends and family should:

Set a unique meeting ID and a strong password to get into a virtual get-together – this is simple, but extremely important.
Refrain from putting your attending information online. Not even within a social media direct messaging communication. Most apps ask to have access to your contacts and your messages, which could enable them to gain access to your meeting. Limit the people who know the meeting information to only those you want to attend. Use individual email addresses or send the meeting info in a text message to ensure that no uninvited guests join your conference.
Limit the amount of people who can share their screen or files. In many conferencing platforms this can be accomplished by changing screensharing to “Host Only.” This will help prevent unauthorized attendees from “bombing” your meeting with unwanted images and videos.
Do not post photos of your video meeting. Not only is this a privacy issue with many video meeting tools, but you will likely also be publishing the associated meeting ID if you aren’t careful. This can then lead to uninvited people joining your meeting and sharing unwanted audio, video, photos, or malicious files.
Lock your video meeting after everyone has arrived. This will keep hackers and other types of interlopers from coming into your meeting without your knowledge.
Never keep the video conferencing tool left on and open to seeing and hearing in your house when you are not actually meeting. This allows not only sights and sounds to be recorded, but also, depending upon the configuration of the tool, creates a pathway into your wireless network.

Every type of technology has potential security challenges that consumers and business must be aware of – video conferencing is just one of many.

However, the above recommended practices outlines some key ways that consumers and organizations can more securely leverage video conferencing platforms for work and leisure alike.

Rebecca Herold, IEEE Member and CEO and Founder of The Privacy Professor® consultancy and Co-Founder of Privacy Security Brainiacs, is a leading information security, privacy and compliance expert. With over 25 years of systems engineering, information security, privacy and compliance experience, Herold focuses on helping organizations identify data risks and requirements to ensure data accuracy, safeguards, and privacy protections. Herold has also been supporting NIST information security and privacy research and standards creation since 2009. Herold has authored 19 books on a variety of topics pertaining to information security, privacy, compliance and other related topics.

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.