With all of us stuck inside, video conferencing apps have become a default way to communicate with colleagues and some tech-savvy family members. Video chat apps have advanced in recent years, and have gotten easy to use, collaboration-ready, and accessible.
At the same time, due to the popularity of video conferencing platforms, many security flaws were discovered and used to exploit users. Some people were exposed to unwanted oversight and online trolls, and companies got an earful.
There are plenty of security best practices and tips for those who often use video conferencing apps. We’ve picked 8 most effective ways to protect your video conferencing needs, and here they are:
1. Check Participants before Letting Them In
Most video conferencing tools have options allowing meeting hosts to approve or reject participants before they even join the call. There is a virtual waiting room that you can use to allow attendees to stay until the host opens the meeting for everyone to join.
Zoom call this a "Waiting Room" while Microsoft Teams call it, "lobby". When enabled, the host will get a notification that a new participant is waiting to join the meeting. If the host doesn’t recognize that participant, they can deny access. Enabling this feature can help prevent uninvited attendees from breaking into a call after getting their hands on the meeting link.
2. Use a Meeting Password
Many video conferencing platforms generate a unique meeting ID and a password for each call (although it could be just the ID in some cases, check your settings). While entering the password might not be super convenient every time, it adds that much-needed extra layer of protection against hacking and intruders.
Also, consider notifying attendees and sharing meeting passwords only via email invitations. Sharing this information on social media and even messaging apps like Slack could potentially reveal it to third parties. And one more thing: don’t reuse the same meeting ID for convenience. If hackers or meeting bombers find that ID somehow, it'd be just as convenient to join meetings.
3. Don't Allow Automatic Screen Sharing
Most video conferencing platforms have screen sharing - the ability to display the screen to all participants. It’s a useful feature, so many people allow screen sharing by default for all attendees.
This means that if someone hacks the meeting and joins, they will be able to show their screen, too. To avoid that, check settings in your video conferencing app to ensure that screen sharing is disabled by default. If a participant needs to share their screen with others, you’ll be able to allow them to do so during the meeting.
4. Use Web Versions of Apps
People use video conferencing apps in two ways: either download them onto their devices or use the online version (also called web client). It might seem that there's no difference, but downloadable apps are much less secure than online versions.
Zoom has faced its fair share of security problems. In one case, the company had to make urgent patch to the app to remove code that sent users' device data to Facebook without their knowledge. When a user opened the Zoom app, it sent data such as their time zone, city, and some device specifications to the social media platform's servers even if the user didn't have an account there.
Web versions of apps don't have the same permissions as the downloadable versions. They just operate in the browser, so their ability to access data and cause harm is limited. So, consider using a web version of your chosen video conferencing app to keep your data safer.
5. Check Guest Access Rights
Some video meeting software like Microsoft Teams has the so-called "Guest Access" feature. Its purpose is to allow users to collaborate with people outside their organization by granting them access to shared files, communication channels, and web pages.
While useful for work, Guest Access can also introduce some security concerns. Guests can have full access to a company's sensitive data in chats, team channels, files, and meetings, so retrieving it would be possible for them. Besides, almost any company user can allow guests to receive such privileges.
Consider configuring the level of access granted to guest users. For example, in Microsoft Teams, the administrator can disable peer-to-peer calls and screen sharing. But if maximum security is your priority, then disabling guest access by default is the best option.
6. Enable Two-Factor Authentication
Two-factor authentication, or 2FA, is a web authentication method that requires secondary form of credentials (via what you are or what you have). Many video conferencing apps have recently added 2FA to protect accounts from hacking due to weak passwords.
After all, "123456" remains one of the most popular password used that is most often hacked. So people are making this mistake all over again and things won't change anytime soon.
Consider enabling 2FA to avoid intruders and increase the security of meetings. Also, check which users are required to provide authentication - in some cases, apps limit this requirement by default.
For university professors teaching online, enabling 2FA on student accounts will offer an additional layer of protection. That’s why educators often include security tips along with helpful resources on studying to make meetings safer.
7. Manage App Permissions
Video conferencing applications integrate with other applications to provide additional functionality. Some of those apps are trustworthy - for example, adding Google Calendar is a great idea to manage and get notified of scheduled meetings.
But some others, especially those developed by third parties, can have security flaws. If such an app is installed and integrated with a video meeting software, there's always a chance that some data could be accessed by hackers who exploit those flaws.
Fortunately, most video conferencing apps provide settings to control third-party apps. For example, Microsoft Teams have the Manage apps page in Settings, where the admin controls permissions.
Check all the options and avoid choosing "Allow all apps". This option grants unlimited permissions for all third-party software on your computer and potentially computers of other meeting attendees.
You can allow or block apps created by third-parties and control user access to them. Also, you can assign a custom policy for each app. This could be useful in cases where a specific app is used by a limited group of users (HR, finance, marketing teams, etc.)
8. Blur Background or Use Audio Only
Blurred and custom backgrounds and audio-only meetings aren't only for hiding a mess in a room during work calls. Turning off the video is advice that many experts give to avoid social engineering attacks or companies learning private information about you.
For example, hackers who view a user's background can try to find some items or personal information to get that person to trust them. The types of information vary, but in many cases, they trick people into giving them bank information or passwords to online services.
One example involves hackers contacting a colleague of a person they viewed and asking them for some login credentials. Using the details they have learned might make their case believable.
Another idea is that companies may try to learn things about video meeting attendees for marketing. For example, if you have scented candles on your background somewhere, you might see some ads for candles online later. So, consider blurring your background or even using audio-only calls when possible.
Staying safe online is something that everyone should take seriously. With most of us using video conferencing apps such as Zoom, Microsoft Teams, and Google Meetings; knowing ways to protect privacy is a good idea - and it applies to both personal and business meetings. Consider implementing the above tips to increase the security of your video meetings. A 100 percent secure video conferencing app doesn’t exist, so do what you can to stay as safe and possible. And enjoy your meetings! Good thing we got them now - just imagine how remote working would be like without them!
Share this post
Leave a comment
All comments are moderated. Spammy and bot submitted comments are deleted. Please submit the comments that are helpful to others, and we'll approve your comments. A comment that includes outbound link will only be approved if the content is relevant to the topic, and has some value to our readers.