For business leaders, video conferencing is a necessary tool for communicating with team members and clients. However, without the proper security measures in place, this technology can leave your company vulnerable to cyber attacks.
“Microsoft Teams has recently been deemed unsafe to use by security researchers.” – Vectra (California-based cybersecurity research firm)
In this post, we’ll highlight three primary video conferencing security risks you need to be aware of and how hackers can breach video conferencing software, steal confidential corporate data, and hijack your company’s devices on platforms like Zoom, Microsoft, Teams, Google Meet, WebEx, and Blue Jeans.
The top ways hackers can manipulate video conferences are through the lack of:
• Authentication and authorization of users joining a meeting
• Encrypted audio & video
• Endpoint device protection: camera, microphone, speakers, keyboard, etc.
1) Lack of Authentication in Video Conferencing Software Leaves Your Business Open to Attack
“The #1 biggest threat vector of all is that most video conferencing platforms do not require meeting creators and participants to authenticate prior to joining a conference. This is unacceptable from a privacy & data protection perspective. Companies are now relying on video conferencing platforms to conduct their daily business more than ever, therefore, protecting confidential data needs to be treated as a high priority.
If a bad actor gets into your video conferencing portal, he could view details on all your past meetings, your recordings, see contact info for your clients and attendees, agendas, meeting notes, and future scheduled meetings in which he can add himself to. He can also use this information to set-up spear-phishing campaigns.”
-George Waller, a Co-Founder of Zerify
A Lack of Authorization and Authentication Leaves Your Company Exposed
Most of the leading video conferencing platforms do not require 2FA (two-factor authentication) for users to join a meeting. They distribute auto-join links, or the same passcode for everyone, making it incredibly easy for anyone to join.
What does that mean for your business?
All someone needs is that single link and/or passcode to jump right on a video conference.
To make matters worse, it’s easy enough for them to spoof as (impersonate) an actual employee or team member at your company or pretend to be one.
When you fail to properly authenticate your video conference users, anyone can join the meeting without your knowledge. This can include hackers, threat actors, or any outside party who wants to eavesdrop on or manipulate company conversations. Very often when a threat actor gets into a conference they share malware-infected documents via the conference platform chat channel.
How Lack of Authentication Creates Even More Video Conferencing Security Risks
If your conference platform doesn’t authenticate users, it’s possible for hackers to gain access to the meeting and record the entire conversation.
This is an even greater threat because if an outside party can get into your portal, they could also have access to:
• All your past meetings
• Recordings and data from your past meetings
• Private internal inbound or outbound emails in your organization
To prevent this from happening, you need a secure video conferencing solution that leverages multiple methods of authorization and authentication. One that:
• Generates unique meeting links for each member joining the conference
• Generates unique one-time passwords (OTPs) for each member of the meeting
• Requires two-factor authentication (2FA) for each individual user before they can join a call
• Gives you the power to authenticate any user, at any time, by a variety of methods and technologies (phone call, text confirmation, etc.)
The video conferencing solution Zerify Meet utilizes multiple methods of authorization as well as two-factor authentication (2FA) to verify each user to keep your organization safe.
2) Lack of Endpoint Security Leaves Your Connected Devices Vulnerable
Your endpoint devices such as laptops, desktops, screens, cameras, microphones, clipboards, keyboards, and even your keystrokes are the most vulnerable to attack during a video conference.
One of the most common video conferencing threats we see is malware hacking endpoint devices:
• Recording video and audio of the meeting
• Logging keystrokes of call members, gaining access to sensitive company information
• Taking control of the device’s camera and microphone to spy on call members
What can happen afterward?
Threat actors can steal and leak sensitive or confidential information from you, your clients, patients, or key stakeholders. They can use the information they gather to damage your company’s value and reputation.
If a hacker can gain access to just one of these connected devices, they can easily record, track, and have full access to your conference.
Bottom line: You need video conferencing software that protects your company down to the endpoints.
This includes securing all aspects of your computer and connected devices:
• Keyboards and keystrokes
Zerify Defender has unmatched endpoint security that can be used with your existing video conferencing platform to protect endpoints.
3) Lack of Encryption in Your Video Conferencing Software
What is Video Conferencing Encryption?
In video conferencing, encryption is the process of transforming readable data into an unreadable format. This process makes it impossible for anyone except for authorized parties to view & hear the conference participants.
At Zerify, we use encryption to protect your company’s conversations from being intercepted and accessed by external security threats.
What is End-to-End Encryption?
This is a level of encryption that uses algorithms so that only the sender and intended recipient can read the information.
No one in between, not even the video conferencing platform itself, can access the data.
How is End-to-End Encryption Different From Other Types of Encryption?
Most video conferencing platforms use what’s known as “transport layer security” or TLS. This type of encryption is used to secure the connection between the server and your device.
TLS is a great way to protect data while it’s in transit. However, it does not protect the data once it reaches the server. That’s where end-to-end encryption comes in.
It ensures your data is protected at all times, both while it’s in transit and once it reaches the server.
Why Encryption Matters
Without end-to-end encryption, your data is vulnerable to being accessed and read by anyone who can get their hands on it. This can even include gaining access to the video conferencing platform itself.
In an event like this, your data can be intercepted and read by any outside party that gains access to the link. Your company’s or clients’ private information could be totally exposed.
More often than not, internal video conference calls contain highly sensitive information, such as trade secrets, client lists, financial data, private legal information, etc.
A lack of encryption in your video conferencing can lead to devastating security breaches and liabilities for your business.
To ensure that your video calls are as secure as possible, you need a video conferencing platform that provides full end-to-end encryption.
This way, you can rest assured knowing that only the intended recipients can access and view your company’s valuable and private information shared during the call.
Zerify offers video conferencing solutions with end-to-end encryption to keep your company’s information safe and secure.
Contact Zerify today to learn more about how our secure video conferencing solutions can support your business.
The Result: An Ongoing Security Threat for Your Business
Once an outside party has access to your video conference, they can wreak havoc on your video conference calls and your business.
When inside your call, hackers can easily send a message to the video conference’s chat with a malicious link or attachment. If they get even one of your employees to click the link, they can use viruses, malware, and spyware onto their devices after they visit the infected link.
Once the malware, spyware, or other virus is installed on as little as a single device, this can create a complex, ongoing security threat to your business.
At Zerify, we believe an ounce of prevention is worth a pound of cure.
The best thing you can do to protect your business against outside threats is to invest in security solutions that prevent them from happening.
If you want to make sure every single one of your business’s video conferences are secure, you need a secure video conferencing solution that provides industry-leading
• Authentication and authorization
• Protection for your endpoint devices
That’s where Zerify comes in. Explore our secure video conferencing solutions or to learn more about how we can help strengthen your business’s security.