The increase in how the federal government uses video conferencing has presented a host of vulnerabilities for hackers to exploit.
Since the start of the COVID-19 pandemic in 2020, we’ve heard countless stories about how many government officials have had their video conference meetings hijacked by threat actors (1).
As these incidents have continued to mount, prioritizing video conferencing along tiers of required privacy should be a top government concern as the current administration increases its focus on cybersecurity.
However, it’s puzzling that regulations have not been enforced with regard to collaborative communications, which is especially alarming given the remote work trend is expected to continue for the long haul.
Since the start of the pandemic, federal and state agencies have relied on Zoom for Government, Microsoft Teams. and other teleconferencing tools for keeping their businesses moving forward.
Unfortunately, there have been some devastating consequences, like when the U.S. House Oversight Committee Meeting became the victim of a “Zoom Bombing” in April 2020 (2).
While this particular attack hit at the federal government level, there have generally been too many reports of sudden, inappropriate meeting interruptions leading to politicians having to proactively address these types of issues (3).
When the Biden administration issued an executive order to bolster cyber defense in 2021, it highlighted how the U.S. is making cybersecurity a top national concern.
However, there has been little mention of collaborative communications with that initiative, something that state and local governments rely on to conduct meetings on critical issues, like:
• Natural disasters
• Budgets
• Wider access to public meetings for citizen engagement
• Election politics at the federal, state, and local levels
• Court proceedings
• Crisis communications of a proprietary nature
• Cyber attacks that need to be internally discussed
• Top-secret matters
Classifying Inter-Agency Communications: A New Approach to Secure Video Collaboration for Government Agencies
It is imperative to reevaluate how vulnerable these widely used platforms are to breaches. We should look to triage meetings according to levels of proprietary data and then apply the appropriate and necessary cybersecurity measures for each type of videoconference.
An informal social meeting between government employees would be a “Level 1” meeting and would not require the highly specialized controls that a “Level 4″ meeting would necessitate.
A discussion about a government attack or handling of a national disaster would meet Level 4 criteria and require controls such as a lobby room with a special password, biometric login, end-to-end encryption, secure desktop features, and more.
Classifying meetings along four tiers and applying standards for each of those tiers would help meeting hosts get a better grasp on how they should be conducting sensitive discussions.
When it comes to collaborative communication tools, organizations are susceptible to the security flaws of the many widely used platforms.
With a global cultural shift towards remote and hybrid work, governments must continue to adapt to these new realities in 2022 and beyond.
Agencies and officials in the public sector must be able to have extreme confidence in the security of the virtual meeting platforms they’re using to ensure critical information isn’t breached in any way.
Recommendations and Guidelines for Securing Government Communication Platforms and Video Conferencing Equipment
Early on in 2020, a string of incidents (i.e. “Zoom Bombings”) led to the Department of Homeland Security issuing an initial set of best practices (4) to help users understand the threat of cyber attacks and prevent hackers from getting into a meeting room. However, these early guidelines were just the seed of the idea that can now be expanded upon.
Now is the time to revisit and set the guidelines for those types of communications, specifically virtual meetings, and to bring this to national attention and to the focus of federal agencies.
1. Classify Meetings and Grant Privileges to Employees in Specific Sectors and Departments
Every video conferencing organizer should be able to classify the meeting to determine who to invite and control information access. This will allow government organizations to grant sufficient privileges to teams so they run meetings that protect proprietary data.
It is now practical to secure video conferencing and protect all parties involved, even if malware or spyware has crept onto an individual’s computer or an organization’s network.
With breaches and virtual meeting interruptions becoming more common, there is no excuse for government agencies to be at all lax about this critical area of cybersecurity.
2. Switch to Government Video Conferencing Services that Use Proven Security Tools
Almost all video conferencing platforms used for videoconferencing are prone to attacks. However, there is a significant lack of oversight when it comes to cybersecurity and virtual meetings.
Hackers have become more adept and sophisticated at infiltrating these platforms.
Therefore, it is imperative that state and local government organizations proactively secure alternatives, keeping in mind that they must ensure reliability, performance excellence, and an easy-to-use system.
These platforms should look to implement out-of-band authentication tools, keystroke protection for proprietary meeting authorization, as well as complicated password systems.
Zerify is the only video conferencing solution that is built on zero trust architecture, with the safety and security of its users being one of its primary focuses.
Contact us to learn more about our secure video conferencing services.
3. Crack Down on Sharing Sensitive Information Over Video Collaboration Platforms
Users should always be cautious about sharing passwords, ID numbers, IP addresses, company data, trade secrets, and other proprietary data through these services until there are major improvements.
4. Be Wary of Video Conference and Meeting Invite Links in Emails, Even From Trusted Coworkers
Anyone working in the public sector, especially if their email address is publicly listed, must be cautious of links in every single email they receive.
It is easy for hackers to create an email address that looks like it is from a trusted coworker and a login page identical to the video conference platform an organization uses.
All it takes is a single click from someone not paying close enough to the sender’s email address or the fake login page URL to give a hacker access to the computer camera and microphone
5. Educate Government Organizations About Video Conference Communication Compliance
The U.S. must continue to push collaborative technology compliance best practices while offering guidance on new tools and solutions that can shut down threat vectors.
Scheduling regular meetings and educational sessions to ensure the workforce software is up to date and compliant with the latest cybersecurity practices is one simple way to keep everyone on the same page.
How The Federal Government Uses Video Conferencing is Key to Mitigating Cyber Threats and Cybersecurity Risks in the Future
It is crucial for government organizations to build on the early guidelines (5) for virtual meeting security, and then take a closer look at their conferencing tools to ensure complete organizational safety.
The new realities of communicating in the remote work environment have led to a whole new set of challenges. Ransomware and critical infrastructure attacks have grabbed all the headlines (6), but the safety of digital communication technologies is still being overlooked and meeting breaches will continue to occur until it gets resolved.
Cybersecurity initiatives related to virtual meeting technologies should be prioritized, and classifying meetings according to tiers of importance is a practice that should be enforced by the federal government to protect all government-related matters.
Zerify Provides Secure Video Communication Solutions
Zerify offers 3 secure video conferencing solutions that are designed to meet and exceed the best practices provided by the U.S. Department of Homeland Security:
Zerify Meet
Zerify Meet is a video conferencing platform like Zoom, but its key differences lie in its ability to protect mission-critical information.
It only allows invited participants to enter the meeting room, but participants cannot join unless they are verified through two-factor authentication (2FA). Other features include video and audio lockdown, anti-screen capture, and keystroke and clipboard protection.
Zerify Defender
Zerify Defender provides a seamless experience that enables workplaces to continue to use their employees’ preferred video conferencing software systems.
Using military-grade technology, Zerify Defender protects desktops from threats by closing off access to monitors, video cameras, microphones and speakers, and keyboards. Zerify Defender is a great option for employees and contractors working remotely, as it works with any video platform.
Zerify API
Zerify API allows users to launch a secure video conference in real-time from nearly any business application. Zerify API meets regulatory certifications required by the U.S. and can be used to tailor your existing business software and workflows to better fit your communication needs.
For more information about Zerify’s offerings, contact us today.
Resources:
