The need for security guidelines for video conferencing is growing as more and more companies look for new and innovative ways to make employees more productive through video collaboration which overtook the traditional face to face meeting. In view of COVID-19, an increasing number of employees are working from home, collaborating with internal teams or customers via video conference on mobile devices.

It is important that users of videoconferencing, particularly those that are connecting their own devices to the system, clearly understand their responsibilities when it comes to security. Your security policy should provide a set of guidelines for employees working from their personal devices and clear consequences for improper use.

Best security practices for businesses/organizations that should be followed when implementing video conferencing solutions.

1. Create a Bring-Your-Own-Device (BYOD) Policy

There is a need for strict policies in place with respect to employees using their own personal devices or else the company’s security could be at risk from unsecure networks, lost devices, forgotten or even complete lack of secure passwords.

2. Implement Staff Training

• Implement adequate training for staff on necessary security measures, particularly when sensitive data and private information is being shared.
• Create and enforce appropriate standard operating procedures (SOPs) with device support and usage policy, encouraging users to follow security protocols and update their devices when necessary.

3. Review & Update Video Systems

Review and enable appropriate security and privacy settings to prevent threat actors from exploiting known vulnerabilities and use video conferencing systems/apps which support encryption. Make sure your video conferencing software is patched with the latest updates and have automated upgrades turned on.

4. Secure Networks or Devices

Transmitting sensitive information and data across internal and external networks, businesses/organisations need to be assured that their conferencing solution is safe and not susceptible to security breaches. Make sure users and devices that are accessing the corporate network on-premise or off-premise can be identified and allowed connectivity only if they are authorised and meet company policy.

5. Check the Signs

Video conferencing systems use single sign-on (SSO) for user authentication which greatly reduces the risk of user credentials being lost, stolen or compromised. SSO allows users to keep track of one set of credentials and system admin to track, control access to all video conferencing units quickly determine which video systems were breached, what occurred during the breach, and lock the system to control damage.

6. Use Meeting Lock/password for enhanced privacy

 Using meeting scheduler, choose password protection where attendees will need to enter the secret password in order to join the meeting

7. Protect video conference units with permissions

Create different access levels for different types of conference, to have control over who can access what.

8. Check Meeting Links

When you receive a meeting invitation, verify that it is from a known, trusted sender. Also, check the meeting link before clicking, watching out for malicious links with “.exe,”

9. Report Suspicious Activity

Remember to report any suspicious activity to your organisation Information Security and Information Technology teams. If you are using an external video conferencing technology for non-work related calls, reach out to the vendor for the best way to report suspicious activities. 

10. Have a Video Conferencing Policy in Place

 In addition to outlining user permissions for conducting video conferences in-house, rules should take into account those who will be connecting remotely.

A few guidelines most video conferencing policies include are:

• Users must get permission to record a video conference from everyone on the call.
• Personal mobile devices should not be used to record video conferences.
• Sensitive information should be discussed in designated video conference rooms and not in public places or open office spaces.
• Video conferences conducted at a user’s desk should train the camera to focus on the users face, and any visible confidential data should be removed from camera view.
• Cameras and microphones should be turned off when not in use.
• Remote control of cameras is for authenticated users only.
• Recording of the video should be notified to the host of the meeting. This should be supported by the application itself

To know more on guidelines of video conferencing click here

References:

• CERT-In Advisory to host secure Zoom meetings while working from home.
• Zoom video conferencing app Issues