Gerald Beuchelt, Chief Information Security Officer at LogMeIn, explores the key security and privacy practices which must be upheld when videoconferencing
Many of us used videoconferencing and meeting tools prior to our new reality of remote working, but they have now become our lifeline. Our connection to coworkers and friends. The way we collaborate, move the business forward and socialise. We have come to understand how vital open collaboration and discussion are when working remotely and video calls, virtual classrooms, online meeting rooms and virtual IT help desks help this happen. However, businesses shouldn’t take this for granted. In the mad rush to get many of these services set up, securing them may have seemed a secondary thought. But if we are to be working for anywhere but the office for the foreseeable future, security has to be at the forefront of our minds at all times to allow remote interactions to be successful.
Several platforms over the last few months, as well as individual users, have fallen into preventable (and often embarrassing) meeting and videoconferencing traps, as they quickly work to adjust to a professional life outside the office. With malware, phishing attacks, fake websites and URL’s, spammers and scammers all taking advantage of the situation, platforms need to ensure they are protecting the personal data of their customers and are dedicated to all facets of security from the get-go.
But we are all in this together, so while all software providers can be susceptible to flaws and vulnerabilities, it’s important to be transparent about security and privacy practices that have been designed to keep customers safe at such a vital time. By having a dedicated security programme in place, you can ensure that teams remain protected as demand continues to rise.
During the past few months, videoconferencing tools have been a helping hand to governments, schools, organisations and everyday individuals around the world. Therefore, protecting customers and end-users personal data should be a top priority. Software providers should be dedicated to all facets of security including security development lifecycle, vulnerability management, security operations, incident response and threat intelligence, security engagement and awareness.
Providers should have dedicated teams in place to ensure this runs as smoothly as possible. Services should be monitored around the clock with constant review and refinement, keeping existing privacy, security and operational processes top of mind in order to comply with and exceed the requirements of current data protection standards.
Digital security while working remotely
There is no doubt that usage of videoconferencing platforms has soared to unprecedented levels over the last few weeks. While users should trust the videoconference tools that they are currently using more of, individuals must also remember to take advantage of the privacy and security features built into the software. These can include unique meeting URLs and password-protection to help prevent unwanted attendees, which have increased over recent weeks and have proved detrimental to various personal and business calls.
No one wants strangers invading their meetings when they are discussing strategic and confidential material, which could have the potential to ruin business plans, just because they didn’t have the right protection in place. Therefore, having the ability to lock a meeting or receive audio or visual alerts upon meeting-entry will be the key to safeguarding meetings for those managing a back-to-back schedule.
Even with all of these features, there’s an important training component to guarantee they’re being using properly. The features are only impactful if used correctly. For example, if you’re an IT admin rolling out videoconferencing to your newly remote workforce, you must establish policies that require employees to be diligent about using these features within their meetings. Be sure to warn of the dangers of unwanted meeting guests and empower employees to be the ‘bouncers’ in their own meetings.
Lastly, don’t forget to review the default settings, especially for account admins, and make sure that you are comfortable with these. Many times, there are extra security or privacy features available, but they might not be turned on by default.
Guaranteeing security and reliability as demand increases
With remote working now the norm, software providers of collaboration products need to ensure that the experiences they provide are as secure and reliable as possible. Increasing memory and network capacity with no single point of failure in any location and the ability to move traffic between data centres without changing the regional controls over data residency, will ensure limited disruption.
With aggressive spikes of malicious cyberattacks, software providers need to ensure their security teams are actively tracking malicious activity, with alerts being triggered in real time for teams and investigative authorities to begin to resolve the issue. Speed is paramount to ensure attackers aren’t able to infiltrate meetings and to guarantee that the safety and security of individuals isn’t compromised.
Taking it to the next level
As with all tools and devices, there are key security and privacy practices which must be maintained to ensure safety. Videoconferencing and video calling providers are no exception. With the drastic increase of users, there has also been an increased amount of phishing attacks and meetings being hijacked by cybercriminals. Even Interpol has made a rare announcement warning the public about criminals who are using the coronavirus outbreak to launch online attacks.
When it comes to the platform side, vendors need to guarantee to their users that they are issuing a service which takes security seriously and can address any situations that arise with ease. Not only this, but IT teams need to ensure that whilst employees are working from home, they remain open for collaboration and discussion, keeping employees both happy and productive. By keeping security top of mind from both angles – with good built in security measures and strong education and policies for employees to utilise – videoconferencing tools will be able to be used seamlessly with collaboration and connectivity at their heart.