Video Conferencing Security Risks and Best Practices

by Allen Drennan, Principal, Lumicademy

Video classroom concerns and risks

Video classroom and conferencing platforms exploded in popularity over the last 18 months, as the remote and hybrid workforce continues at many organizations. While video conferencing has been a mainstay at enterprise organizations for years, more businesses, including SMEs, began using video meetings for collaboration when the pandemic resulted in a distributed remote workforce nearly overnight.

However, there are concerns and cybersecurity risks associated with video classroom and conferencing platforms that all organizations need to acknowledge. It’s also crucial for organizations to have a plan to mitigate these risks.

The main concerns and risks involved with video classroom software and platforms include:

  • Encryption protocols
  • Vulnerable devices including laptops, phones, tablets
  • Vulnerable endpoints and networks

Video classroom software platforms aren’t always built to the highest security standards, though. As a recent article in CPO magazine discussing the concerns about video conferencing platforms notes, “You cannot just throw a cyber security band-aid [at] a poorly designed video conferencing platform…”

Organizations need to be aware of the risks while they’re reviewing options for video classroom and conferencing software. Here are some details of the risks and how to make sure that your video meetings and classrooms are secure right from the start.

Video Conferencing Security Risks

What is typically at risk with video conferencing platforms? There are several ways that cybercriminals can infiltrate a video conference and several categories of information or data are at risk when a software platform is compromised.

Some common examples of threats or risks include the following:

  • Threats to privacy, identification, or Personally Identifiable Information (PII)
  • Risks to data from data theft or breaches
  • Risks to confidential business or corporate information or intellectual property
  • Meeting hijackings
  • Access to confidential meeting recordings

Since the start of the pandemic, there have been a number of highly publicized cyberattacks related to remote work. As the remote and hybrid workforce becomes permanent, cyberthreats will remain a top concern.

Deloitte recently discussed how COVID-19 affected cybersecurity during the early months of the pandemic. They recounted some of the more significant cyberattacks in their report as follows: “An example of criminals exploiting the cybersecurity weaknesses in remote working has been the series of cyberattacks on video conferencing services. Between February 2020 and May 2020 more than half a million people were affected by breaches in which the personal data of video conferencing services users (e.g., name, passwords, email addresses) was stolen and sold on the dark web. To execute this attack, some hackers used a tool called ‘OpenBullet’.”

Deloitte also mentioned a technique known as “credential stuffing,” used by hackers to infiltrate employee accounts. They warned, “one of the consequences is a serious disruption to businesses that rely heavily on videoconferencing platforms. Credential stuffing is a form of cyberattack whereby hackers use previously-stolen combinations of username and password to gain access to other accounts. This is possible because it is very common for individuals to use the same username/password combination across multiple accounts.”
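As an added illustration (not code from this article or from the Deloitte report), a defender can look for the trace credential stuffing leaves in sign-in logs: one source trying many distinct usernames in a short window, mostly failing. The log format, thresholds, function names and sample lines below are assumptions constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in log (timestamp, source IP, username, result).
SAMPLE_LOG = """\
2021-06-01T09:00:01 203.0.113.7 alice FAIL
2021-06-01T09:00:02 203.0.113.7 bob FAIL
2021-06-01T09:00:04 203.0.113.7 carol FAIL
2021-06-01T09:00:05 203.0.113.7 dave FAIL
2021-06-01T09:00:07 203.0.113.7 erin FAIL
2021-06-01T09:00:08 203.0.113.7 frank OK
2021-06-01T09:00:09 203.0.113.7 grace FAIL
2021-06-01T09:01:00 198.51.100.20 heidi FAIL
2021-06-01T09:01:45 198.51.100.20 heidi OK
2021-06-01T09:02:00 192.0.2.10 ivan OK
2021-06-01T09:02:10 192.0.2.10 judy OK
2021-06-01T09:02:30 192.0.2.10 mallory OK
2021-06-01T09:03:00 192.0.2.10 niaj OK
2021-06-01T09:03:30 192.0.2.10 olivia OK
"""

def parse(log):
    """Turn log text into time-ordered (time, ip, user, succeeded) tuples."""
    rows = (line.split() for line in log.strip().splitlines())
    return sorted((datetime.fromisoformat(t), ip, u, r == "OK") for t, ip, u, r in rows)

def detect_stuffing(events, window=timedelta(minutes=5), min_users=5, min_fail_ratio=0.8):
    """Flag sources that try many distinct accounts in one window and mostly fail."""
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[1]].append(ev)
    findings = {}
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1  # slide the window forward
            span = evs[start:end + 1]
            users = {e[2] for e in span}
            fails = sum(1 for e in span if not e[3])
            if len(users) >= min_users and fails / len(span) >= min_fail_ratio:
                # Any success from this source is a likely reused password.
                findings[ip] = {"distinct_users": len({e[2] for e in evs}),
                                "reset_accounts": sorted({e[2] for e in evs if e[3]})}
                break
    return findings

if __name__ == "__main__":
    print(detect_stuffing(parse(SAMPLE_LOG)))
```

The failure-ratio condition is what keeps a shared office address with many successful sign-ins, or a single user retyping a password, from being flagged.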

Rules and safety tips for securing video classrooms or meetings

Organizations should be proactive when it comes to securing their video classrooms or video meetings. A key step is ensuring that all employees, and anyone else accessing video classroom software, follow safety protocols and guidelines.

IBM offers some video conferencing security guidance, emphasizing that all employees should be aware of confidential information and learn to assess the risk of information discussed or shared during video conferencing. They suggest operating from a risk-based approach, or “assessing the types of calls they’re conducting via video conferencing platforms and determining confidentiality levels.” They also add that “video conferencing security policies should be built and communicated at every job level — from executive assistants to the wider legal team, all groups need to be aware of potential risks.”

Some central ground rules should be used whenever a video classroom is set up and accessed. Some basic security policies can include:

  • Unique meeting IDs
  • Unique passwords
  • Conduct a roll call in meetings or prior to the start of the video classroom session
  • Let the meeting host identify attendees before entering the video classroom
  • Limit sharing of confidential documents over video or screen sharing
  • Limit ability to screen share
  • Restrict ability to share meeting invitations

Extra Security Measures for Remote Workers

There are even more risks associated with remote employees using their own devices to access systems, as well as home networks, routers, and internet connections. With remote or hybrid-remote employees, be sure to reinforce the use of strong passwords and two-factor authentication.

Smart organizations have already implemented their own virtual private networks on top of their internal network and the public Internet so they can provide a seamless but entirely secure network to their employees and all their applications, regardless of the location or target device. For those organizations, this concern is no longer a factor when working remotely.

What to Look for in a Secure Video Classroom Software Platform

Before implementing a video conferencing platform, make sure the software itself is built using the most advanced security protocols. As Lumicademy notes, “Security shouldn’t be a secret.” To meet the highest security standards, products must implement well-known and accepted security technology such as TLS 1.3 (Transport Layer Security), along with strong ciphers and sufficient key lengths.

In addition, symmetric-key encryption approaches to data transfer do not go far enough. Look for a video conferencing solution that lets your organization control the level of encryption for your meetings. This means every aspect, from what is required for web browser compatibility, PKI levels, RSA key length and available ciphers all the way to the latest FIPS standards.

About the Author

Allen Drennan is the Principal of Lumicademy. Allen Drennan, CEO, started Lumicademy in October of 2017, bringing together the team of senior engineers who created Nefsis, a cloud-based, video conferencing online service, which Frost and Sullivan cited as the first “conferencing service solution based on the technologies of cloud-computing, end-to-end parallel processing and multipoint video conferencing,” to create the next generation of virtual classroom technology.

Engaging students and educators alike, Lumicademy provides the ability to interact in a live video meeting and view presentations with screen shares, document shares, annotations and whiteboards, all within a tablet or phone experience. Lumicademy offers a high quality video and audio user experience for most mobile devices with our GPU-centric mobile edition. Educators and learners can live chat with peers in up to 62 languages. Users enjoy the learning capabilities traditional ‘video apps’ cannot offer, with an unlimited amount of users joining in the mobile classroom experience.

At Lumicademy, we believe there’s a better way to connect people online. Our goal is to unify the virtual classroom experience, providing a modular and customizable solution to education industries and corporate organizations. We’re excited to bring the authenticity of face-to-face relationships in a virtually-driven world. Allen can be reached online at @AllenDrennan on Twitter and at our company website
