For many organisations video conferencing is enabling collaborations with remote teams and customers at scale, boosting productivity while reducing travel costs.
An increase in video conferencing usage also means that the associated security risks and the chance of fraudulent usage are likely to increase too if mitigations are not practiced. A lot of sensitive information and private discussions are shared via video conferencing.
So, despite all the major video conferencing service providers promoting the security capabilities of their systems, end-user education is still necessary. While video conferencing technology has become easy to use and self-managed, user training will help users discover security features and put them to good use. Organisation-wide user education is also vital for creating awareness about video conferencing risks and how to mitigate them.
Tips for safe video conferencing
Here are some tips to help organisations in the AARNet community prepare their users for a safe video conferencing experience.
Safe use policy
Create a safe use policy that promotes the healthy and safe use of your video conferencing facilities. This will set the boundary of what and how video conferencing is to be conducted. While some organisations may have an open policy on the use of video conferencing, users need to respect that other organisations may not. In any case, there should be different policies for different use cases and for protecting different end-users (e.g. school students or minors).
Enable centralised authentication for accessing your video conference facility or tool to schedule online video meetings and to create virtual spaces. Enabling single-sign-on means users don’t have to manage different passwords. A video conference facility needs to be protected from unauthorised access to prevent fraudulent usage. Implement an audit trail, which will help with tracing events for investigating security incidents.
Encryption is essential
Encryption is an absolute must for video conferencing security. On top of stopping snoopers from getting into the system, encryption secures the content of communications by scrambling them in transit using a digital code.
Change your defaults everyone
Changing your passwords – and usernames, for that matter – from default settings to a strong, complex passphrase is a fundamental security requirement.
When scheduling video meetings
- users should be encouraged to password protect access to the video meetings. Video meetings can be scheduled to recur regularly in a permanent virtual space. If this virtual space is not password protected, an opportunistic user may discover an open video virtual space and engage in fraudulent usage.
- consider whether it is possible to list participants for the meeting and have them authenticate to get authorised to join the video meeting. This is a more secure approach than a shared password to join the video meeting.
Before the video meeting
- ensure that the video conference software and the device to run the software is regularly updated. This will protect users from security vulnerabilities that can be exploited. Updated software and devices may also introduce new security features that will be useful.
- consider if the video meeting subject matter is suitable for being conducted at a desk in an open office or better suited for a private space.
When in the video meeting
- be wary of the presence of all participants. Only allow permitted participants into the meeting. Take notice of participants joining and leaving the meeting. This may be indicated by sounds or visual popups. Once everyone is in the meeting, consider locking the meeting so no one else can join.
- with high definition video and webcams, we can easily broadcast a lot of detail in the view of the camera. Try to share your video so others can see your presence but train the camera view so it only captures video of a user’s face and does not have private or sensitive detail in its view.
- turn on your microphone only when you want to speak. Keeping the microphone off improves the video conferencing experience because unwanted background noise is not shared, and this also prevents inadvertently broadcasting private and sensitive discussions nearby. If sensitive detail needs to be discussed in the video meeting, the video meeting should not be conducted in public or open spaces.
- when sharing content, choose to share only what is required. It is better practice to share an application instead of a whole screen. Sometime you may be able to select a section of the screen to share.
After the video meeting
- any recorded video content produced needs to be securely saved in the right storage. Stolen video recordings are like stolen meeting minutes. Video recordings are rich in visual and spoken content which can be transcribed with the advent of machine or AI (artificial intelligence) transcription and optical character recognition tools. Integrate the video conference tool with centralised video content management system for easier and more secure management of video recordings.
Author: this blog post was prepared by Paul Hii, AARNet’s Collaboration Portfolio Product Manager.
Disclaimer: this is general advice only and is not intended to be address individual circumstances. Each person should conduct their own evaluation of security and privacy considerations of using any product.