Video Conferencing Done Safely.

If you’re like a lot of people, you’re now working from home and connecting with colleagues by phone, text, email, or videoconferencing. Travel restrictions, group size limitations, and physical distancing advisories have made face-to-face contact difficult, if not impossible. Video communication is becoming an increasingly important tool, helping individuals and businesses break down the feelings of isolation and disconnection that many of us are experiencing. From “e-beers” with friends to department meetings and strategy sessions, video conferencing is being used to bring us together virtually, but we shouldn’t lose sight of staying cyber safe during the pandemic and in the future. 

However, as with almost any technology, video conferencing applications come with cybersecurity threats that need to be understand before – and while – using the tools. 

Conference “bombing”

Bombing refers to having intruders jumping onto a videoconferencing session to eavesdrop, or even disrupt the proceedings. If an invitation to a meeting or conference is posted on a social media channel, or hacked from the strict list of invitees, the risk of conference bombing increases. Tools are usually available in the video-conferencing application to mitigate this problem. Consider using a password (shared separately) to restrict access to the virtual meeting room. Many tools offer a “waiting room” feature that allow people to connect, but will not grant them full access to the main conference session until they have been approved by a host or administrator. This allows finer control of who gets in, and who doesn’t. Similarly, a “lock” feature is available – if you’re expecting ten people to attend a conference, once the tenth has connected, you can turn off the ability for additional attendees to join, preventing unwanted visitors from intruding. Finally, consider the form of the meeting or presentation: unless other users genuinely need to display their screens or direct the meeting, then only the host or administrator should be able to control the presentation. Turn off controls for all other attendees to reduce the risk of rogue intrusion.

Over-sharing

If you are the presenter and you are sharing your screen, be sure to close unnecessary windows to avoid accidentally sharing more information than necessary. Even consider your computer “wallpaper” – it could potentially be seen by all attendees of the conference unless you’ve adjusted your conference settings appropriately. Furthermore, if you are sharing a video feed, consider what’s in the room behind you before you share your screen. Avoid inadvertently showing personal information, private materials or valuables on bookshelves, desks, etc.

Conference Recording

Depending on the features you have enabled on your video-conferencing account, you can record the proceedings of a session. What feels like a private conversation between a few people online can be recorded and shared with others who weren’t in attendance. Further, understand that even if a videoconference isn’t being recorded, anyone can take a screen snap of materials shown in the conference. There is no way to restrict this feature: it is incumbent on the attendees to understand this dynamic before discussing or showing confidential or sensitive content.

Fake Invitations

Domain registrars have reported a spike in name registrations with variations on “zoom”, “gotomeeting”, and “webex”. Hackers are developing spoofed websites and generating phishing emails that look like invitations to real meetings, but are actually attempts to harvest login information or drop malware on unsuspecting victims. Double-check links on all text and email messages, and take extra care in accepting unexpected invitations.

Software Vulnerabilities

Since videoconferencing tools are exploding in popularity, they have become higher profile targets for hackers. Some of the major videoconferencing products have had troubling security issues reported recently:

–        Data-sharing: On iOS devices, Zoom was sharing location and device information with Facebook when using its express login feature. Zoom is reportedly adjusting the app to reduce (but not eliminate) data shared with the social media company. Further, Zoom shares data with Google for advertising and personalization purposes. Consider setting up a dedicated account with Zoom to isolate it and reduce the potential for data sharing. And be sure to review your application and device security settings to minimize permissions as much as possible.

–        Encryption: Zoom does not use end-to-end encryption on video meetings. Instead, Zoom uses a security method called “transport encryption”. While this offers protection for the data against attack from third parties, Zoom themselves have unencrypted access to the video stream. While they offer assurances that they won’t access the data, any security breach within the company could expose anything said or shown on the conferences.

–        Device Control: In March 2020, both Webex and Zoom had software bugs reported that could allow hackers to seize control of the microphone and/or webcam on attendees’ computers. These threats are mitigating by having appropriate security and patches in place on your computer or mobile device. Ensure that you keep anti-malware and personal firewall applications updated, and check that you have the latest version of your preferred videoconferencing application installed so you can get the fixes for these issues as soon as possible.

Before using any videoconferencing tool, assess the confidentiality of your conversation and your surroundings, and gauge how concerned you are about sharing video and audio over the Internet. If you are interested in exploring more information about the leading videoconferencing applications, TechRadar has a summary of some of the top paid and free services. Videoconferencing is an important tool for personal and business use in this challenging time of social distancing and isolation: be aware of the benefits and risks of using this technology.