5 minutes with George Waller - Best practices when using video conferencing platforms

March 15, 2021

Video conferencing platforms have become an essential communication tool over the past year. In addition to increasing team collaboration, video conferencing can help prevent miscommunication among teams, increase engagement, and allow for face-to-face communication to help build relationships among teams, particularly for remote teams. Though the benefits are many, there are growing concerns about the security shortcomings of video conferencing, according to George Waller, EVP and Co-Founder of StrikeForce Technologies. To get more insight on this topic, we spoke to Waller about key challenges with securing video conferencing platforms, as well as why these services are so susceptible to hacking.

Security: What is your background and current role with Strikeforce?

Waller: I would consider myself both an entrepreneur and a technologist at heart, and have spent the majority of my decades long career working in the tech industry building computer systems. My passion is in developing market-changing software and platforms that helps keep users and their systems secure. Currently I am EVP and co-founder of StrikeForce Technologies, a cybersecurity tech company that helps organizations and businesses prevent damaging data breaches and instances of cyber theft. Millions of users worldwide have downloaded our software, and our company played a pivotal role in pioneering the creation of two of the most widely used cyber security technologies: “Out of Band” authentication and keystroke encryption.

Today, our technologies are widely used in the marketplace across sectors like banking, healthcare, education, manufacturing and government. We are now taking all of our cybersecurity solutions and security expertise into the growing video conferencing space.

Security: Let’s discuss the rise of video conferencing during the pandemic. Are there privacy and cybersecurity vulnerabilities with video conferencing services?

Waller: When COVID-19 hit, the business world had to quickly pivot into a new remote work paradigm. Many started heavily relying on platforms like Zoom, MS Teams, WebEx and others to help solve this immediate problem. But this increase in video conferencing meetings has also paved the pathway to the rise in cyberattacks and cases of ‘zoom bombing’ that are making headlines daily. It’s reached a point to where even the U.S. government has issued warnings to the public about the potential cyber dangers of video conferencing, telling people to be cautious of suspicious activity from cybercriminals looking to breach these platforms and do some serious damage.

Existing conferencing solutions have proven time and time again to be vulnerable in protecting users during their video sessions, it seems that every one of the existing video conferencing platforms are fighting for the spot of least secure platform. This is because the companies that built these systems are video conferencing companies, not, cybersecurity companies. They built systems with one simple goal, to allow people to see & hear each other. Because of that, these systems are seriously flawed. If you have a dam that keeps cracking and springing leaks, the problem is not the leaks, the problem is the dam. You can’t just stick a cyber band-aid on a system and expect it to be secure if it wasn’t designed with cybersecurity as a core tenet.

Security: Will privacy and cyber issues increase as video conferencing platforms become more prominent tools in our lives?

Waller: A mixture of remote work and the physical workplace will likely be a permanent fixture, and since none of the existing video conferencing platforms were not designed to protect the user, or their data, privacy and data breaches will continue to rise. Hackers follow the money trail, and since hacking has become so lucrative, those existing fatally flawed systems are just a breach waiting to happen. The reality is, there are numerous attack vectors and daily vulnerabilities i.e. a zero-day, that are designed to easily bypass our existing anti-virus software and compromise our devices. In addition to the data loss, breaches spell disaster for heavily regulated and compliant industries in the form of massive fines. As a result of these vulnerabilities, we are now seeing a hard shift in government organizations and enterprises to look for cyber-secure video conferencing platforms.

Security: How can video conferencing vendors build platforms with security and privacy as the leading priority?

Waller: The first item that vendors need to understand is about security layering, you can’t lock your front door and leave your windows wide open and think you're safe, it doesn’t work like that.

Almost every vendor on the market (other than us) requires you to download desktop client software, while convenient, it is a very bad idea from a security perspective. The reason being is that the desktop client can easily be exploited by hackers to steal your video stream, your microphone stream, and your audio-out stream. Additionally, that desktop client can be used to capture your keystrokes, clipboard and take unwanted screen shots.

Once their exploitable desktop client is removed from play, vendors need to implement best-practice security guideline recommendations. But even those aren’t strong enough to thwart some of today's sophisticated attacks. You cannot design a secure system without having strong two-factor Out-of-Band authentication, you also need to layer in the concept of an authorized user, and you need the ability to authenticate corporate users with fingerprint and/or facial recognition.

Desktop protection, it’s so important! You cannot just rely on anti-virus software to keep you safe. When choosing a video conferencing vendor you need to make sure that the vendor can protect the following, your camera, microphone, audio-out speakers, your keyboard, clipboard and from unwanted screen shots. The vendor's solution should also protect you when you're using other video conferencing solutions and it should protect your computer's keyboard and clipboard all the time, not just when you’re on a video conference.

Security: What are some general video meeting security best practices for business and consumers?

Waller: As for best practices when using video conferencing tools, first and foremost if you don’t feel secure, don’t share any information that may put you at risk - whether that’s intellectual property, PII, or heck, even pictures of your kids, if you wouldn’t walk around in public showing that type of information, it’s not safe to broadcast over video either. On top of that, it’s the little things that can make a big difference. Always password protect your meetings, never use a personal event link for a public facing meeting, and ensure your service provider encrypts all audio and video transmission - just following these simple tips can help mitigate some of the many attack tools that hackers have at their disposal.

Maria Henriquez joined Security Magazine in 2019 as its Associate Editor. Since then, she has been covering the security industry and reporting on issues affecting enterprise security leaders, to include cybersecurity, leadership and management, risk and resilience and more. Within her role at Security, she works to produce stories for the monthly issue, Newswire articles, Web Exclusive features, as well as manage social media, the 5 minutes with series, and the Today’s Cybersecurity Leader and Security enewsletter. She graduated from the University of Illinois at Urbana-Champaign with a bachelor’s in English and Creative Writing.

Pandemics, Recessions and Disasters: Insider Threats During Troubling Times

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Industrial Cybersecurity: What Every Food & Bev Executive Needs to Know

ON DEMAND: There's a lot at stake when it comes to cybersecurity. Reputation, productivity, quality. Join us to discuss the future of your global security strategy and a path forward with trusted partners Cisco and Rockwell Automation, and turn your Food & Bev security challenges into strategic advantages that drive business value.

Poll

Who has ownership or primary responsibility of video surveillance at your enterprise?

View Results

Poll Archive

Products

Effective Security Management, 7th Edition

Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics.

See More Products

5 minutes with George Waller - Best practices when using video conferencing platforms

Recent Articles by Maria Henriquez

5 minutes with Jeremy Leasher - Training the cybersecurity workforce

Lone worker protection: A commitment to duty of care and security

5 minutes with Jane Lee - The fraud supply chain, cyberattacks and more

5 minutes with Tony Howlett - Vendor risk management needs to be a top security priority in 2021 and beyond

5 minutes with Darren Cooper - Organizations are fighting a daily battle against data loss

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.

5 minutes with George Waller - Best practices when using video conferencing platforms

Recent Articles by Maria Henriquez

Related Articles

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.