5 Steps to Better Video Conferencing SecurityBy Sara Moseley
In the movie Snowden, Joseph Gordon-Levitt, the actor who plays the title character, Edward Snowden (the infamous NSA contractor) is shown covering the camera of his laptop with a Band-Aid, visibly demonstrating his understanding of cyber criminals and his fear of being hacked. While most of us will never have to worry about international spies and government espionage, corporate espionage is alive, well, and a much more likely scenario due to its lucrative nature. A recent Forbes article projected that cyber crimes will cost businesses over $2 trillion annually by 2019. Moreover, according to Microsoft, big businesses aren’t the only ones targeted by criminals, 20 percent of small and medium-sized businesses are victims of hacking attempts each year. To help ensure video isn’t a source of vulnerability for your company, we’ve outlined five steps you can take now to increase your video conferencing security.
Step 1: Examine Your Current Video Conferencing System
Lots of things get better as they age; unfortunately, video conferencing systems are not one of them. If your current video solution is a legacy system, or is more than five years old, you could be dealing with outdated security that’s putting your customers, clients, employees, and the reputation of your company at risk. Keeping older systems updated is important, but at a certain point updates will not make up for the inherent drawbacks of older technology. A few things that will help you decide if your current system is too big a risk (which we will discuss in more detail below) are: the type of data encryption the system uses; how callers log in; and how the system manages data.
Step 2: Be the Keymaster
When it comes to video conferencing both your software and hardware should feature 128-bit Advanced Encryption Standard (AES) protection. Logically unbreakable, 128-bit encryption is a security measure that enables video conferencing systems to use a 128-bit key to encrypt and decrypt all video calls between systems. The keys are automatically generated at the beginning of each video session, and according to research, are so strong, it would take a supercomputer one “billion billion” years to breach a 128-bit AES key. Nice.
Step 3: Check the Signs
Most security-minded video conferencing systems use single sign-on (SSO) for user authentication because it greatly reduces the risk of user credentials being lost, stolen or compromised. A convenient win-win for both IT and users, SSO allows users to keep track of one set of credentials, and IT to track and control access to all video conferencing units in the system with ease. Because SSO credentials are tied to a user’s authorization and entitlements profile, IT can track where, when and how credentials are used. Better still, in the off-chance credentials are compromised, IT can quickly determine which video systems were breached, what occurred during the breach, and lock the system to control damage.
Step 4: The Domain of Security
Video conferencing providers that take a domain-based approach to security are ideal in that they allow people to collaborate in a secure and well-controlled environment. Whether managed by the video conferencing provider or in-house by IT, domain-based security enables the system administrator to control access to video conferences by assigning various levels of permission to users. For example, if your video system uses domain-based security, an outsider who attempts to start a video call with someone in your company must wait until a user with the required permissions signs on and grants that person access. Data security firm, Rapid7 recently conducted a business vulnerability study and found that there are two primary mistakes most companies make when installing video conferencing equipment. The first mistake is connecting it directly to the Internet without using a firewall. The second is setting it to automatically answer incoming video calls, which provides remote intruders with easy access.
Step 5: Have a Video Conferencing Policy in Place
Much like a Bring Your Own Device (BYOD) policy, a video conferencing policy enables you to set clear boundaries and expectations for users. In addition to outlining user permissions for conducting video conferences in-house, rules should take into account those who will be connecting remotely. Companies entrusted with especially sensitive information, such as hospitals and financial institutions will want to be specific about who users can connect with via video conference, such as pre-approved vendors and clients. A few guidelines most video conferencing policies include are:
- Users must get permission to record a video conference from everyone on the call.
- Personal mobile devices should not be used to record video conferences.
- Sensitive information should be discussed in designated video conference rooms and not in public places or open office spaces.
- Video conferences conducted at a user’s desk should train the camera to focus on the users face, and any visible confidential data should be removed from camera view.
- Cameras and microphones should be turned off when not in use.
- Remote control of cameras is for authenticated users only.
Bonus Step: Give Yourself a Highfive and Enjoy World-Class Video Conferencing Security
Highfive’s high-quality, all-in-one, HD video conferencing devices enable people to connect quickly, easily, and most importantly, securely. Featuring 128-bit AES encryption technology, single sign-on access, and domain-based security, Highfive ensures your video conferences are equipped with best-in-class security and video technology. To increase employee collaboration and productivity while reducing your technology vulnerabilities, start by giving your team a Highfive.