Video conferencing tools, long a staple of sales, marketing, and other professions that rely heavily on virtual communication, are now the norm for conducting remote business and local government meetings, sharing milestones like birthdays and anniversaries, and staying in touch with family and friends. While they offer a convenient way to practice social distancing during the COVID-19 crisis, we need to consider the security of these tools - like we do with our computers, tablets and smartphones - not just when we are selecting which tool to use, but also when we are sending out invitations and conducting meetings.
Of late, one video conferencing tool has garnered much of our attention, and probably not in the way the company had hoped. Zoom, which once made headlines because of its ease-of-use and convenience, has been the subject of significant media scrutiny for its security and practices. While the company has addressed many of the issues through messaging, policy changes and updates, it's unlikely anyone will soon forget the term Zoombombing, which describes that unique experience of being in a virtual meeting with uninvited and disruptive attendees. As a result, many people are now wondering how to make video conferences more secure.
Video Conference Security Best Practices
It's important to consider the role end users play in security, especially if you're the end user who is in charge of setting up the meeting, sending out the invitations, recording the meeting and then performing post-meeting activities. Below are a few things to consider when it comes to security, regardless of which tool (and there are many) that you use.
Do consider the tool's security.
Does the tool offer a suitable level of encryption for your needs? Do you need end-to-end encryption? Does the tool offer other security features that you need or might find useful? For example, does the tool allow you to set a password for the meeting or only admit certain attendees?
Don't assume that the default settings will meet your needs.
You wouldn't do that with a social media account, so don't do that with a new account for a video conferencing tool. Do you want to record the meeting? Can you legally? Can you require registration? Can you designate only authenticated users can join a meeting?
Do take into consideration video conferencing best practices.
To avoid having uninvited guests, don't share the link to your video conference in an open forum or post it on a public-facing website. At a minimum, require a meeting password or consider requiring attendees to register. Also, you might want to make video optional or you might decide to mute all participants when they join a meeting. These last suggestions will help reduce bandwidth and hot mic issues.
Keep in mind that these tools, like other devices, require maintenance and will change over time. When updates are available, especially if they are security updates, you should install them. (I say that with the caveat that if you are using video conferencing for a business or other organization, you may be instructed not to install certain updates.) When you do install updates, pay attention to new features and review the default settings. Also, from time to time, assess whether the tool is still meeting your needs, and if it isn't, don't be afraid to test alternate tools and select a new one.