Building a Resilient World:
The ISAGCA Blog

Welcome to the official blog of the ISA Global Cybersecurity Alliance (ISAGCA).

This blog covers topics on automation cybersecurity such as risk assessment, compliance, educational resources, and how to leverage the ISA/IEC 62443 series of standards.

The material and information contained on this website is for general information purposes only. ISAGCA blog posts may be authored by ISA staff and guest authors from the cybersecurity community. Views and opinions expressed by a guest author are solely their own, and do not necessarily represent those of ISA. Posts made by guest authors have been subject to peer review.

All Posts

How to Ensure Cybersecurity During Video Conferences

Companies today have workers in remote positions, global partners, and people in hybrid roles. Video conferences have become more commonplace since the COVID-19 pandemic and the increase in work-from-home situations. However, when you share sensitive information, you might worry it could fall into the wrong hands. Just how secure are your video conferences? How challenging would it be to find yourself in a client meeting where someone hacks into the system and disrupts it?

Why is Security Important in Video Conferencing? 

Data breaches cost companies money. IBM recently surveyed 550 companies that experienced a recent data breach and found that the average total cost was around $4.5 million with or without ransomware involved. Around 83% of those companies suffered more than a single attack, and, as the amount of people working from home rises, so will data breaches. Studies show that 43% of employees made cybersecurity mistakes while remote working. Reducing any potential attack surface will help improve your security posture—which includes video conferencing platforms.

Whether you’re chatting about work processes or more sensitive information, securing your video conferencing gives you the assurance that those conversations will remain confidential. Of course, you may run into a disgruntled employee who recorded something before they left and shared it, but in general, you’ll avoid some of the worries of outside influences gaining access to your conversations. Here are nine tips to ensure you have excellent cybersecurity during video conferences.

1. Use Unique Meeting IDs 

Don’t just use the default ID for services such as Zoom. Should a breach occur, hackers are almost certain to already have access to that ID and password, which will open your meeting up to a cybersecurity event. Create a unique meeting ID for each gathering. Even if someone finds an old meeting ID or a general ID that is the default for your account, they won’t be able to get into your current meeting room with the information.

2. Avoid Unnecessary Meetings

Have you ever sat in a meeting that you felt was unnecessary? Administrators might forget to look at new logins or keep an eye on the chat. With wasted time causing a lack of focus, a hacker may get complete control by the time it’s too late. To avoid losing the attention of attendees, you may do the following:

  • Share engaging and interactive content
  • Keep meetings interesting and fresh each time
  • Ask attendees questions to answer in the chat

3. Create Complex Passwords 

You might want to come up with a password that’s easy for team members to remember, such as “1234Meeting.” However, if you make it too simple, hackers might easily gain access to it. It’s better to use a series of letters and numbers that don’t make up any actual words. The more complex your login, the less likely it is that a hacker will gain access to your video conference.

4. Train Your Employees 

One of the most common ways hackers gain access to any data within your company is through phishing attacks. Take the time to train your staff on how to spot a fake email and avoid sharing personal information or login credentials. Once an outside party has your login details, they can jump into your video conference, listen in, and/or add any details they’d like to the event. It’s best to use complicated passwords and train your workers to avoid sharing personal details with anyone else. You should also regularly change all login credentials.

5. Do a Roll Call 

When you start a meeting, go through a list of who should be there. Doing so will tell you if you should wait a few minutes for key people to arrive. However, you can also cross-check to see if there’s anyone in the meeting who shouldn’t be. Every username should match an employee’s or invited guest’s name. The roll call also makes attendees pay closer attention. You can make the roll call fun but use it to avoid someone sneaking into the chat who shouldn’t be there. It’s much easier to check people as they enter than at the start of a meeting when you might have a long list of names already in the video conferencing space.

6. Tap into Security Tools 

Recently, there's been an unprecedented rise in the aggressiveness of cyberattacks across all types of platforms, which are also occurring more frequently. Fortunately, there are some security tools you can use to make your employees machines less vulnerable. Encourage the use of a virtual private network (VPN). Sites won't be able to track locations or plant cookies that might interfere. Install antivirus software on every employee's computer and keep it updated. Set it to automatically scan for threats daily. Your company should also use encrypted email services. When you send out the meeting ID and password, you risk others seeing what it is. Encrypted emails reduce this risk.

7. Limit the Sharing of Private Information 

While you do need to share some information to get your point across or brainstorm in a meeting, it’s important that you don’t share important documents or information you wouldn’t want to place in the hands of a cybercriminal. You can also make it so only administrators or specific people can share their screen. Some hackers may take over a professional meeting and share something inappropriate. Such a situation can be particularly risky when you’re trying to impress a new client or speak to new hires.

8. Eliminate Insider Threats 

One report estimated that around 25% of company security threats come from within. Why do some employees become so disgruntled in this way? You can do a few things to try to ensure threats from the inside are less likely to happen.

Start with your company culture. Make sure that every individual feels valued, recognize strong efforts, and develop a relationship that shows that you care about them as individuals. In reality, however, you might do everything perfectly and still have an insider threat. Whatever the reason for an employee’s release, create a process where you immediately change logins and passwords, perhaps even before informing the person you’re letting them go.

9. Revise Basic Settings 

Most video conferencing platforms let you tweak the settings to improve security. For example, you might create a waiting room where you can check all the attendees before allowing them into the meeting space. Making employees wait for the host to arrive prevents them from talking about something sensitive without a moderator present to stop them.

What Should You Do if Your Meeting is Compromised? 

The minute you realize someone is in the meeting who shouldn’t be, you should stop the meeting immediately. It’s better to shut down the meeting altogether than give the hacker a chance to take over. You should also mute the participants and let them know about the intruder and that you’re ending the meeting, but not to say anything further. You don’t want anyone to keep divulging things once you realize there’s been a breach.

Once you’ve successfully ended the call, contact the service provider, and report the issue. Millions of people join platforms like Zoom every month, and it’s hard for companies like them to prevent all nefarious individuals from slipping through. However, if participants regularly report issues, some of the activity can be stopped by tracking IP addresses and blocking people from accessing the platform again.

You should also chat with your lawyers and the security team at your company. Is there anything else you need to do after the incident based on what occurred? What exact information did people disclose before realizing the uninvited individual was present?

Don’t Stress 

Be smart about the information you share in your meetings. Never disclose something that might hurt your brand or let out secrets that competitors can use against you. Even if you do experience a cybersecurity event during a meeting, you can still recover from the situation. Be aware and add the necessary measures needed to protect yourself and your employees.

Zac Amos
Zac Amos
Zac Amos is the Features Editor at ReHack, where he covers trending tech news in cybersecurity and artificial intelligence. For more of his work, follow him on Twitter or LinkedIn.

Related Posts

Securing Industrial Networks Can–And Should–Be Simple

A version of this blog originally appeared on Cisco
Andrew McPhee Jan 24, 2023 5:30:00 AM

Double Extortion Ransomware: What It Is and How to Respond

New attack methods in the cybersecurity landscape continue to emerge in the digitally driven world. One t...
Zac Amos Jan 17, 2023 5:30:00 AM

Defending Remote-Friendly Environments from Cyberattacks

This blog has been repurposed from the December 2022 issue of InTech
Damon Purvis Jan 10, 2023 5:30:00 AM