Best Practices for Securing Video Calls
The transformation of business has never been more rapid, nor as uniformly focused on digital transformation as it has been with the recent pandemic. Industry experts have been touting the operational and business advantages of adopting digital technologies for years, but with limited uptake or success.
As we’ve seen, with the resulting transition to ‘work from home’, interactive video/video conferencing has become the way for organizations to ensure their continued operations: from leadership teams driving their companies forward in uncertain times; to optimizing inter-departmental cooperation; to improving customer engagement. Video helps maintain relationships in ways that no other type of communication can.
Yet, organizations have a wide range of privacy needs. Some may require strict lock-down of all communications whereas others may only need the ability to selectively secure sensitive or confidential communications such as corporate planning sessions, product innovation/ideation, or quarterly investor calls.
We’ve compiled some of the best practices for your organization to consider when using video-conferencing. As always with such lists, consider your options and use what is appropriate for each specific case – basic security for general operating needs, to the most stringent approaches for the most sensitive communications.
As a starting point and as with all communications these days – your organization should develop a set of security policies, which depending on your industry, would probably include a range of subjects which should be treated very specifically from a privacy protection perspective, for example…
Healthcare respecting HIPPA requirements for the protection of personal healthcare information
Governments focusing on confidential treatment of all sensitive policy and program development information
Emerging Companies securing their innovations and first-mover competitive advantage
The first step is to understand all the privacy and security capabilities that your video collaboration solution provider recommends. Then, implement all the security features per their recommendations.
For the most secure needs, as has been the practice for communications infrastructure for many years, the most robust approach is to use your own dedicated instance – either behind the corporate firewall (i.e. “on-prem”) or on a dedicated instance within a cloud infrastructure. If that is impractical, then as a secured, as a dedicated private channel within a multi-tenant cloud.
Of key importance is the development of a corporate access code policy, and its active enforcement. This would include:
- Limiting reuse of access codes. If you have recurring meetings, frequently change codes. The probability is very high that it has been shared with a wide range of people – some of which may no longer be authorized to attend these calls
- If possible, create user unique PIN’s to minimize unknown or unauthorized “pass along” invites
When covering sensitive topics… like at UK Cabinet meetings, only use 1-time access or PIN codes. If available, use multi-factor authentication with DNS validation.
Select a service that does not share ANY data with any other parties… either within your org or outside and certainly not with any social media or 3rd party services.
Always use the lobby function so that attendees are held in a waiting room and are only allowed access once the host joins, which helps limit sensitive information being inadvertently shared by way of an off-hand comment.
Enable attendee tracking and notification tones to facilitate the proactive management of attendees making it easier to identify, block, or eject anonymous participants or unknown numbers.
- Always validate participant names
- If a participant dashboard is available, scan regularly for unknown names
- Lock the meeting once it has started and all requisite attendees are online; make it a policy to block out any late joiners
- Disable local recording and/or screenshots if possible
If the video conference has been recorded, ensure it is encrypted and that playback can only be accessed via code, name/email validation, with playback limited to a certain timeframe.
- Subsequent access would have to be requested
- Ensure recordings are kept locally and always encrypted
- If recorded on the provider’s system, ensure files are erased once ported it over to your archive system
Dealing with Work-From-Home Realities
Generally speaking, one of the best approaches is to limit access to either corporately-issued devices which are secured by the IT department using an Enterprise Device Management tool, or to limit access to personal or home devices that your IT department has ‘certified’.
For additional security, also use end-point security software on those mobile devices.
VPN’s are always a good idea for additional security, as well as for ensuring bandwidth is properly allocated and prioritized for your video conference calls, and do not allow third-party numbers to be bridged into your calls.
Video Conferencing and Collaboration is transforming the way the world works. Using it the right way, makes all the difference.
Learn More About Video Security
Watch our Video On-Demand – Video on the Down Low: Keeping your online Chats Private & Secure