10 Video Conferencing Security Best Practices
The security of our video conferencing solutions is increasingly coming under scrutiny as we rely more on these tools. You’ve likely seen, heard about, or perhaps even experienced a "Zoombombing" attack. As the world shifts to accept remote work and video conferencing as the new normal, the one thing we can count on is that there will be bad actors seeking to exploit any software vulnerabilities in your video conferencing solution.
It’s important that you partner with a secure, reliable video conferencing platform. Here are 10 best practices for secure video conferencing to protect your business, your workforce, and the customers you serve.
Look for These Features in a Secure Video Conferencing Platform
1. End-users can lock down meetings
The regrettable incidents of “Zoombombing” could have been prevented with some easy-to-use security settings allowing the video conferencing administrator to lock down the meeting. Ask your platform provider about mute options upon entry, “waiting rooms,” and event-specific security logins (instead of a generic video conferencing line) as these are features needed to keep your meetings secure. Some platforms can even lock down the conference after everyone has checked in.
2. Solution is business grade, not consumer grade
Avoid consumer-grade software for a more secure video conferencing experience. Consumer tools are often “generic” and are not customizable, either for your business or even for the administrator seeking peace of mind about the security of the event. B2B video conferencing providers offer a more complete range of security tools as part of their packaging, and many are even HIPAA-compliant, which is a good goal for any industry.
3. End-to-end encryption
Speaking of HIPAA, a critical video conferencing security best practice is to select a provider that offers end-to-end encryption of video and audio. Encryption is an algorithm that scrambles the signal while it’s at rest or in transit over the Internet. Only the participating end-users have the security key to unlock the data to view it. End-to-end encryption (E2EE) video conferencing solutions blanket the entire service, from the forward-facing conference rooms to the underlying architectures and even the equipment you use, such as web cameras and microphones.
4. Browser-based video conferencing
Most video conferencing solutions require you to download software. Not only does this make your device vulnerable to any “ghosts in the machine,” it requires you to remember to update your devices to be sure you have all the latest security patches. A browser-based web conferencing tool has the benefit of being updated constantly and in real-time on the web. The process of downloading and installing an app is eliminated, as is the concern that your team will use an older software version that may leave your company vulnerable to a preventable encroachment by a bad actor. With no downloads, a web conferencing solution is not only easier to access and maintain, but you can also rest easier knowing it’s as current as can be with the latest video conferencing security best practices.
5. Unique meeting IDs for every event
While using the same meeting ID for every meeting is easy and convenient, it’s also not safe. This is partially what caused a problem with some of the Zoom meetings that were hijacked in the spring. End-users should be trained to select the option for generating a new password for every meeting. They should not share that ID publicly to help keep the meeting safe. Look for a video conferencing solution that sets up unique video IDs as the default on the platform, or make sure you’ve trained your team to select that option when scheduling a video conference.
Follow These Best Practices In Your Video Conferencing
6. Set a meeting password
While this added step may feel a bit controversial, it’s a security best practice that we think your vendor should offer and your company should use. Adding another layer of protection on every meeting you hold is not a bad idea; it’s a type of two-factor authentication in the video conferencing world that can protect your business.
7. Use virtual backgrounds
If your meeting is open to hundreds of strangers, such as in a webinar, or if it is something other than an intimate gathering of a few of your closest colleagues, you may want a virtual background. This is a good way to protect your privacy during a video conference or webinar. Some video conferencing services offer this in their service, but you can also add a green screen or drop in a background for free with apps like Chromacam or CamTwist.
8. Announce recording
To protect the privacy of participants in your video conference, make it a point to announce that the meeting is being recorded. You may even want to mention it again, halfway through the event, for anyone who has joined late.
9. Be cautious about the chatroom feature.
Most video conferencing solutions today offer a chatroom feature. Make sure your employees understand the rules for chat, such as never sharing files or clicking links that end-users post in chat rooms, particularly if this is a public event. You may even be able to disable the chat feature until the end of the video conference, when you open up the floor for questions. If you find that chats are going on during a video conference, it’s almost like people talking quietly in the back of the room during a presentation. It can be disruptive and a potential security risk, so make sure it is tightly controlled.
10. Don’t allow default screen sharing.
At the beginning of this list, we talked about being able to lock down a video meeting. One particularly important video conferencing security best practice is to make sure screen share settings are turned off by the administrator. Check with your vendor to make sure the setting isn’t set to “on” by default. The host of the meeting should be able to share who and when screen sharing occurs.
These are best practices for secure video conferencing for your organization to consider. MegaMeeting is standing by to help your organization with secure, high-quality services to help your teams, prospects and customers communicate more effectively. Contact us today to find out why our customizable, business platform is the right choice for your business.
MegaMeeting solves the biggest challenges of modern video conferencing. For users, it is an all-in-one platform that delivers both video conferencing and webinars in a single, simplified interface. For attendees, it is 100% browser-based, making it highly accessible; joining a meeting is instantaneous from a single click. For enterprises, it is highly customizable, with white-labeling options for a private branded solution. For developers, it is API-driven and easy to integrate.
Powered by WebRTC, Node.js, React, and GraphQL, it is a cutting-edge platform that is fun and easy to use for users and developers alike.