Security tips for video conferences
The use of video conferencing platforms has surged rapidly. However, security and privacy weaknesses have been found in some of the apps, such as Zoom. Some platforms may not have all the security features on by default. We have gathered some tips on protecting the confidentiality of video conferences and the privacy of users.
General tips for all platforms
These tips are useful on all video conferencing platforms.
Tips for every user participating or hosting meetings:
- Share an app, not the entire desktop. If you need to share content, prefer to share a single window, not your whole screen. If you share one window that can show multiple documents (e.g., Word, PowerPoint, or PDF reader), close extra files to avoid showing document names that could contain confidential information.
- Be mindful of camera usage. If you use your camera, check that nothing behind you in the camera view is confidential. Make sure that video is enabled only when you want it to be. Cover the camera with a sticker when you don’t need it.
- Do not share meeting participation links, IDs, or passwords with others unless you know they are allowed to participate. Be mindful of screenshots or forwarded emails that could reveal information about joining the meeting.
- Ask before recording. Inform everyone if you are recording a meeting and ask if everyone is OK with that.
- Keep apps up-to-date. If you need a separate application or browser plugin to join meetings, remember to install updates. Set up automatic updates, if possible.
- Check the participant list. Do you recognize everyone, and are they allowed to participate?
- Allow only the required permissions to mobile apps. If you are using a mobile application for video conferencing, check what permissions the app is asking for. If you are attending just a video call without sharing any content, only access to your microphone, camera, and contact list (although depending on the application, you might not need to allow contacts) should be necessary. Access to the camera roll, files, or location data, on the other hand, should not be required.
Tips for organizations:
- Prefer single sign-on. Prefer video conferencing platforms that allow single sign-on login with your organization’s identities.
- Check that end-to-end encryption is supported. Prefer a platform with end-to-end encryption. If it’s not available, review how confidential the information you discuss and share can be. Check also the key sizes and algorithms used for encryption.
- Check the privacy policy. Check the privacy policy of the application. What kind of information is it collecting or sharing? Is it acceptable for your organization?
- Enable the meeting lobby. If the platform supports it, set up a waiting room so people outside your organization cannot join the meeting just with a meeting link or ID.
- Enable meeting passwords. If the platform supports it, enable meeting passwords to protect against unauthorized attendance.
- Create a company policy. Create a company policy on video conferencing: what platforms you can use for discussing company matters, can you talk about or share confidential material, are you allowed to share files within that service, acceptable devices, and so on.
Platform-specific instructions
Some of the security settings vary depending on the vendor, so here’s a collection of platform-specific guidance. While this is not an exhaustive list of video conferencing tools, these are applications that are often used by businesses and organizations.
- Microsoft Teams: Security and Microsoft Teams contains information about how Microsoft has mitigated common conference call threats and configuration options for administrators. Information about restricting meeting attendance options and increasing meeting security is given in the section Addressing Threats to Teams Meetings.
- Microsoft Skype for Business: Security and Skype for Business Online contains information about how Microsoft has handled typical security threats on Skype. Meeting security options are discussed in the section Addressing Threats to SfBO Conferences.
- Cisco Webex: Cisco Webex Best Practices for Secure Meetings: Hosts contains security instructions for everyone who is setting up a Webex meeting. Manage Security for Your Site in Cisco Webex Site Administration contains instructions for administrators about security features available in Webex.
- Zoom: How to Keep Uninvited Guests Out of Your Zoom Event. A blog post by Zoom explaining how to manage screen sharing and participants, and how to avoid getting unwanted visitors (Zoom-bombing). Note that due to missing end-to-end encryption and short number-based URLs that can be easily generated or guessed, using Zoom for confidential communications is not advisable.
- GoToMeeting: 5 Best Practices for Secure Video Conferencing with GoToMeeting. A blog post by GoToMeeting that advises on Meeting Locks, password-protected meetings, and managing shared content.