Cyber Security
Standardizing video conferencing security guidelines should be a top government priority
Published
3 years agoon
By
GFiuui45fgWith more individuals working remotely over the past two years, the world has seen a rise in collaborative technologies, with meetings taking place via Zoom, Microsoft Teams and other platforms. But this trend has coincided with too many reports of lewd meeting interruptions and negative “Zoom Bombing” incidents, reaching a point where politicians have had to actually address these types of issues head-on.
Earlier this year, the government issued an executive order to bolster cyber defense and implement a zero trust approach, making it clear that the U.S. is looking much more closely at cybersecurity as a top national priority. But the world is changing fast, and when it comes to collaborative communication tools, organizations are still susceptible to the security flaws of the many widely used platforms. Now, many security industry experts are increasing their focus on addressing any and all of these potential vulnerabilities to ensure that proprietary data is protected by the most enhanced methods of technology.
With a global cultural shift towards a hybrid remote work dynamic, governments must continue to adapt to these new realities heading into next year. Agencies and public officials must be able to have extreme confidence in the security of the virtual meeting platforms they’re using to ensure critical information and sensitive discussions aren’t breached.
Developing new recommendations and guidelines
Early on during the pandemic, federal officials saw a worrying trend in the rise in “video conferencing hijacking events,” which impacted schools, the financial industry, healthcare and other areas. This string of incidents led to the Department of Homeland Security issuing a direct warning to businesses and putting out an initial set of guidelines and best practices to help users understand the threat of cyberattacks and prevent hackers from getting into a meeting.
These early guidelines were a positive start but needed to go further in establishing robust meeting policies. Ideally, every video conferencing organizer should be able to classify the type of meeting to be able to determine whom to invite and control the access to information. This will allow government organizations to grant acceptable privileges to their teams, so they run the meeting in a secure way. It is now practical to secure video conferencing and protect all parties involved, even if malware or spyware has crept onto an individual’s computer or an organization’s network. With breaches and virtual meeting interruptions becoming more common, there is no excuse for government agencies to overlook this area of cybersecurity.
How platforms can bulk up on security
While the majority of competing video conferencing services have made attempts to improve security measures, many industries, including healthcare and finance, remain skeptical about the strength of security and the ability of video conferencing platforms to protect sensitive information and conversations. Users should always be cautious about sharing passwords, ID numbers, IP addresses, company data, trade secrets and other proprietary data with these services until there are major improvements.
Reliance on video conferencing platforms continues to grow, and now other governments from around the world are expressing their own privacy concerns. The U.S. must continue to push collaborative technology compliance best practices while offering guidance on new tools and solutions that can shut down threat vectors. At the very least, these platforms should look to implement out-of-band authentication tools, keystroke protection for proprietary meeting authorization, as well as complicated password systems.
Hackers have become adept at infiltrating these platforms, so it is imperative that organizations, CISOs and CTOs proactively secure alternatives, keeping in mind that they must ensure reliability, performance excellence and an easy-to-use system.
While almost every video conferencing platform states that it offers some level of security, there are key differentiators that make a platform stand out for its protection value, including:
Encrypted Audio and Video: This might seem like a no-brainer, but without this key feature, a hacker could easily hijack audio & video streams as they travel across the internet. With fully encrypted audio and video, your data is protected while in transit.
Camera, Microphone and Audio Lockdown: Locking down your camera, microphone and audio speakers from eavesdropping spyware needs to be a top priority for any organization when it comes to protecting classified, restricted, high-risk & moderate risk data; all of which are governed by compliance regulators.
Meeting Authentication: Aside from providing the option to require a password, most platforms fall short with respect to authentication. Proper authentication is quite literally the first line of defense, and it should be taken most seriously. Without it, it is near impossible to identify meeting attendees as whom they claim to be.
Other key security features should include endpoint protection, anti-keystroke logging, clipboard protection, biometrics and anti-screen capture.
Mitigating cyber threats and security risks going forward
The video conferencing market is seeing stellar growth, meaning cyber-attacks and disruptive virtual meeting incidents will only become more frequent. It is crucial for government organizations to build off of the early guidelines for virtual meeting security and take a closer look at their conferencing tools to ensure total organizational safety.
The new realities of communicating in the remote work environment have led to a whole new set of challenges. Ransomware and critical infrastructure attacks have garnered much of the attention, but digital communication technologies are still being overlooked, and meeting breaches will continue to occur until things get resolved. Moving forward, initiatives related to protecting users on virtual meeting tools should be at the forefront of every government’s cybersecurity agenda.