Video conferencing solutions have never been more popular than they are today. Over 300 million people have turned to Zoom for meetings, collaboration and conversation each day in 2020 so far. Google Meet has seen over 100 million meeting participants daily this year, and Microsoft Teams has had more than 75 million active daily users.
As the remote workforce continues to adapt to the “new normal,” using cloud-hosted videoconferencing software has become essential for just about everyone. Lots of different solutions are available. Among them, Zoom, Teams, Webex, GoToMeeting, Google Meet, Google Hangouts and BlueJeans are probably the best known.
For companies that initially deployed new videoconferencing tools early in the COVID-19 pandemic, rollouts were often hasty or poorly planned. In many cases, IT departments were deploying these solutions without fully vetting their features and functionalities, and end users adopted them with little training on best practices and settings.
Now that we’re further along the road to remote workforce enablement, it’s time to take some slower and more measured steps. Here are the top cybersecurity best practices we recommend implementing to ensure that videoconferencing solutions don’t become a weak point in your organization’s information security posture.
Ensure that the tool or tools you’re using conform to your requirements and that these are based on industry best practices.
Does your organization need to make use of end-to-end encryption to conform to Health Information Portability and Accountability Act (HIPAA) provisions, for instance? If the solution you use has end-to-end encryption capabilities available, and you’re not making use of them, you could be penalized for failing to meet compliance requirements.
Many videoconferencing solutions include end-to-end encryption capabilities, but not all of them turn on this option by default or even have this type of encryption. Google Meet/Hangouts, for example, offers transport encryption only. And, in older versions of Zoom, end-to-end encryption was not enabled by default.
This leads to our next point.
Make sure that you’re running the most recent version of your videoconferencing software, and that it’s updated regularly (and for the brave, consider automatic updates).
In the wake of the tremendous spike in usage that most of these platforms have seen within the last six months, their vendors have (unsurprisingly) found or been notified of new security vulnerabilities. Zoom has released a particularly large number of privacy and security updates during this time. Installing software patches as soon as possible is one of the easiest and most cost-effective steps you can take to boost security.
Educate your users on the importance of using company-provided software rather than solutions they download themselves.
Shadow IT (applications that the organization’s IT department doesn’t know employees are using for business purposes) is everywhere, and it has only become more prevalent during the recent push for a more distributed workforce. Teach employees about the dangers that unsanctioned software can pose to your company’s IT security, and explain the importance of using only corporate instances of tools for business purposes.
Train users on how to use videoconferencing tools effectively, as well as how to control access to meetings.
“Zoom Bombing”—the practice of unwanted participants disruptively intruding into Zoom meetings to broadcast offensive content—received much media attention back in March or April. It’s easily preventable, however—meeting organizers should safeguard meeting ID and password information to ensure that they’re not inadvertently made public. Also, screen sharing should be disabled by default, and meeting organizers can use the waiting room feature to verify participant identities before admitting them into the meeting.
Instructing employees on how to make the best use of the software tools the organization has on hand—including videoconferencing solutions—can even save money down the road. Many times, people buy new software because they are seeking capabilities their old tools already had but they didn’t know existed. In addition to making sure employees get the most out of your tools, user training can boost employee productivity as well.
Want to learn more about today’s most relevant cybersecurity best practices? Our CISO Advisory Services can help you integrate stronger data and privacy protection into your company’s culture and operational processes and improve your organization’s security posture.