Companies today have workers in remote positions, global partners, and people in hybrid roles. Video conferences have become more commonplace since the COVID-19 pandemic and the increase in work-from-home situations. However, when you share sensitive information, you might worry it could fall into the wrong hands. Just how secure are your video conferences? How challenging would it be to find yourself in a client meeting where someone hacks into the system and disrupts it?
Data breaches cost companies money. IBM recently surveyed 550 companies that experienced a recent data breach and found that the average total cost was around $4.5 million with or without ransomware involved. Around 83% of those companies suffered more than a single attack, and, as the amount of people working from home rises, so will data breaches. Studies show that 43% of employees made cybersecurity mistakes while remote working. Reducing any potential attack surface will help improve your security posture—which includes video conferencing platforms.
Whether you’re chatting about work processes or more sensitive information, securing your video conferencing gives you the assurance that those conversations will remain confidential. Of course, you may run into a disgruntled employee who recorded something before they left and shared it, but in general, you’ll avoid some of the worries of outside influences gaining access to your conversations. Here are nine tips to ensure you have excellent cybersecurity during video conferences.
Don’t just use the default ID for services such as Zoom. Should a breach occur, hackers are almost certain to already have access to that ID and password, which will open your meeting up to a cybersecurity event. Create a unique meeting ID for each gathering. Even if someone finds an old meeting ID or a general ID that is the default for your account, they won’t be able to get into your current meeting room with the information.
Have you ever sat in a meeting that you felt was unnecessary? Administrators might forget to look at new logins or keep an eye on the chat. With wasted time causing a lack of focus, a hacker may get complete control by the time it’s too late. To avoid losing the attention of attendees, you may do the following:
You might want to come up with a password that’s easy for team members to remember, such as “1234Meeting.” However, if you make it too simple, hackers might easily gain access to it. It’s better to use a series of letters and numbers that don’t make up any actual words. The more complex your login, the less likely it is that a hacker will gain access to your video conference.
One of the most common ways hackers gain access to any data within your company is through phishing attacks. Take the time to train your staff on how to spot a fake email and avoid sharing personal information or login credentials. Once an outside party has your login details, they can jump into your video conference, listen in, and/or add any details they’d like to the event. It’s best to use complicated passwords and train your workers to avoid sharing personal details with anyone else. You should also regularly change all login credentials.
When you start a meeting, go through a list of who should be there. Doing so will tell you if you should wait a few minutes for key people to arrive. However, you can also cross-check to see if there’s anyone in the meeting who shouldn’t be. Every username should match an employee’s or invited guest’s name. The roll call also makes attendees pay closer attention. You can make the roll call fun but use it to avoid someone sneaking into the chat who shouldn’t be there. It’s much easier to check people as they enter than at the start of a meeting when you might have a long list of names already in the video conferencing space.
Recently, there's been an unprecedented rise in the aggressiveness of cyberattacks across all types of platforms, which are also occurring more frequently. Fortunately, there are some security tools you can use to make your employees machines less vulnerable. Encourage the use of a virtual private network (VPN). Sites won't be able to track locations or plant cookies that might interfere. Install antivirus software on every employee's computer and keep it updated. Set it to automatically scan for threats daily. Your company should also use encrypted email services. When you send out the meeting ID and password, you risk others seeing what it is. Encrypted emails reduce this risk.
While you do need to share some information to get your point across or brainstorm in a meeting, it’s important that you don’t share important documents or information you wouldn’t want to place in the hands of a cybercriminal. You can also make it so only administrators or specific people can share their screen. Some hackers may take over a professional meeting and share something inappropriate. Such a situation can be particularly risky when you’re trying to impress a new client or speak to new hires.
One report estimated that around 25% of company security threats come from within. Why do some employees become so disgruntled in this way? You can do a few things to try to ensure threats from the inside are less likely to happen.
Start with your company culture. Make sure that every individual feels valued, recognize strong efforts, and develop a relationship that shows that you care about them as individuals. In reality, however, you might do everything perfectly and still have an insider threat. Whatever the reason for an employee’s release, create a process where you immediately change logins and passwords, perhaps even before informing the person you’re letting them go.
Most video conferencing platforms let you tweak the settings to improve security. For example, you might create a waiting room where you can check all the attendees before allowing them into the meeting space. Making employees wait for the host to arrive prevents them from talking about something sensitive without a moderator present to stop them.
The minute you realize someone is in the meeting who shouldn’t be, you should stop the meeting immediately. It’s better to shut down the meeting altogether than give the hacker a chance to take over. You should also mute the participants and let them know about the intruder and that you’re ending the meeting, but not to say anything further. You don’t want anyone to keep divulging things once you realize there’s been a breach.
Once you’ve successfully ended the call, contact the service provider, and report the issue. Millions of people join platforms like Zoom every month, and it’s hard for companies like them to prevent all nefarious individuals from slipping through. However, if participants regularly report issues, some of the activity can be stopped by tracking IP addresses and blocking people from accessing the platform again.
You should also chat with your lawyers and the security team at your company. Is there anything else you need to do after the incident based on what occurred? What exact information did people disclose before realizing the uninvited individual was present?
Be smart about the information you share in your meetings. Never disclose something that might hurt your brand or let out secrets that competitors can use against you. Even if you do experience a cybersecurity event during a meeting, you can still recover from the situation. Be aware and add the necessary measures needed to protect yourself and your employees.