How Secure Is Your Video Conferencing Setup?

Published on: March 22, 2021

The global pandemic has been disastrous for many industries. The airline and hospitality industries witnessed some of the most significant revenue drops. However, several other industries saw exponential growth, most of which operate in the digital space: online meal and grocery delivery services, e-learning platforms, e-commerce, and, of course, online business tools like video conferencing platforms. With states adopting lockdown measures of various severity, millions of workers switched to remote work.

Statistic: Change in remote work trends due to COVID-19 in the United States in 2020 | Statista

Find more statistics at Statista

Naturally, switching to remote work led to a surge in the use of digital tools, be it group chat or project management platforms, cloud data storage and transfer applications, or remote access solutions. Video conferencing solutions’ usage statistics went through the roof. Zoom is a perfect example, as shown by its newly released yearly earnings data.

Source: Zoom

The number of daily meeting participants on Zoom went from 10 million in December 2019 to 200 million in March 2020! Families started using Zoom to catch up with each other, students switched to online education, professionals shifted to virtual office and business meetings, and business event organizers replaced their physical events with virtual ones.

Video conferencing technologies provide the flexibility and convenience on which remote workers have come to depend. And the demand is not going away soon. While many people will eventually return to working from their corporate offices, many organizations realized the cost-cutting opportunities presented by remote work. 1 in 4 Americans will work from home in 2021, and by 2025, 36.2 million Americans will be working remotely, an 87% increase from pre-pandemic levels.

However, like most other digital tools, video conferencing comes with its own set of cybersecurity vulnerabilities. Organizations need to pay close attention to how their IT departments ensure that off-the-shelf, readily available video conferencing solutions fit into a larger cybersecurity framework.

The cybersecurity vulnerabilities of video conferencing platforms

The pandemic – or rather the chaos and uncertainty caused by it – presented cybercriminals with endless opportunities. Ransomware attacks against healthcare providers, educational institutions, and municipal governments witnessed an upward trend. There was a surge in social engineering attacks. And, as people switched to virtual meetings en masse, malicious actors started paying closer attention to this point of network entry.

Like any software, video conferencing solutions may experience zero-day attacks, where cybercriminals identify a software vulnerability and use it to launch an attack. For example, reports surfaced in April last year that hackers were selling two critical Zoom zero-day vulnerabilities for $500,000.

“Zoom bombings” – a term coined in response to the wave of virtual meetings being interrupted by unknown parties – are being reported from all over the world. The FBI issued a warning of multiple reports of video conferences being disrupted by pornographic or hate images and threatening language.

While many video conferencing technology providers offer end-to-end encryption for conversations and data transfer and storage, individuals can unknowingly let hackers spy on virtual meetings by failing to follow safe digital practices. Uninformed users often make the following mistakes:

Connecting to the call from a public WiFi.
Connecting from a device that was already successfully penetrated by hackers with malware.
Setting up public, as opposed to private, meetings.

These mistakes create a perfect opportunity for malicious actors to engage in espionage and gain access to sensitive data.

Furthermore, by crashing a teleconferencing meeting, cyberattackers can spread malware via links and files shared in the chat function, potentially infecting multiple devices within the same meeting room.

Finally, due to much communication now being conducted via teleconferencing solutions, the login information to such platforms has become more valuable.

Another potential threat comes from the increased amount of sensitive data being discussed and transferred over video conferencing tools. It makes people’s personal devices a more desirable target as they increasingly store more potentially sensitive data.

How to establish secure video conferencing practices

To minimize the risk of company data or employees’ personal data getting compromised through video conferencing solutions, make sure to educate your employees on best practices:

Only use company-approved teleconferencing solutions and make sure they are always up to date.
Password-protect every meeting.
Do not publicly share your meeting room ID.
Generate a random meeting ID for each meeting as opposed to using a personal meeting ID.
Do not share login information or unnecessarily transfer data during video calls.
Do not, under any circumstances, connect to a video call via public WiFi. Your home router should use WPA2 or WPA3 encryption standards.
Limit the types of files that can be shared, ensuring that those with the .exe extension are excluded.
Make sure that your meeting setup allows for only one person to share the screen at a time.
Pay attention to who is in attendance and notify the meeting host if you suspect that there’s an unauthorized person in the virtual meeting.
Set up waiting rooms for your meetings and screen every participant in the waiting room before granting access.

In the meantime, your IT team should select a video conferencing solution that employees should be mandated to use. When looking for the right solution, pay attention to the following factors:

The solution must use end-to-end encryption.
System administrators should be able to manage user settings and monitor activity centrally.
Make sure that it securely integrates with third-party applications your organization has in its tech stack.
Read up on the latest patches and updates of different solutions, and see if there had been any zero-day attacks and how fast patches were released to eliminate the vulnerabilities.
Identify which cloud solution the vendor uses to store data and make sure it’s a reliable one.
Check whether the solution is compliant with such regulations as HIPAA and GDPR.

If you are unsure which video conferencing solution to pick or how to integrate it into your existing IT infrastructure securely, our specialists at Gamma Defense can help you protect your data and your employees. Contact us.