23-Apr-2021
A year ago, both government agencies and companies around the world were forced to get employees up to speed on home office and remote work within a very short timeframe and to provide the necessary technical resources to do so. Rohde & Schwarz Cybersecurity received numerous customer inquiries during this time, asking for advice on how to make their employees' home offices IT-secure. We therefore published several news articles as well as a practical e-book with step-by-step instructions. Today, the focus is on how to secure your employees' video conferences, whether they work from home or remotely.
Video conferencing, more than any other tool, has become the favorite work tool in collaboration and communication strategies. The home office mandate has shown just how valuable video conferencing can be - in terms of team collaboration, but more importantly in terms of increasing efficiency, productivity and ultimately employee satisfaction.
Video first
By 2027, the video collaboration market will be worth $11.56 billion, and demand is likely to continue to grow. The question is what the rapid adoption of video technology will mean for IT security in the coming years, and how organizations can improve the user experience while maintaining cybersecurity.
The dramatic rise (some call it the zoom boom) and proliferation of video conferencing software was evident even before the outbreak of the pandemic. From a business perspective, the benefits of a mobile workforce are obvious on a local, national and global level. But a video conference is only as secure as its IT environment. As the provider, you must ensure that the end devices used and the line to the conference are secured by data encryption, via VPN or dedicated cybersecurity software.
Given the convenience of hosting meetings and events digitally, Rohde & Schwarz Cybersecurity recommends guidelines for avoiding data and IT security breaches during video conferences:
1. exercise caution when sharing meeting IDs.
Posting meeting IDs on social media, websites or public forums may attract unwanted participants. As a precaution, we recommend using unique meeting IDs for video conferencing.
2. use passwords whenever possible
Using passwords for both presenters and participants increases security. The presenter password requires the admin to enter a code to unlock it. Participant passwords ensure that only people with the correct code attend the session. Repeated login failures can indicate attackers targeting meeting IDs; some video conferencing services offer advanced fraud detection for this.
3. Are you aware of the video conferencing provider's privacy policy?
Many providers share data with third parties to some degree. Some share personal data with third parties, while others only share aggregate data about call information such as duration, location, and number of subscribers. If your video conferencing provider shares personal data with third parties, you are required to inform your conference participants. Pay attention to notices of the GDPR especially if you use video conferencing for application purposes in your company.
Do not record the video conference and ensure an encrypted connection (see VPN). Choose a security provider whose solutions are hosted within the EU to be GDPR compliant.
4. Keep track of your conference participants.
You know that audible signal that announces participants have joined the conference? Some vendors display entrance and exit banners with participants' names. As the moderator, check who is joining the videoconference. Unknown or anonymous people, you should ask to confirm their identity.
5. Use the control functions
Exclude participants who are not authorized to join your videoconferences and lock the conference once everyone is present to prevent eavesdropping on confidential information. File transfers can be used to pass malware and should be disabled without proper security measures. An appropriate security solution protects microphone usage and provides webcam support, means, unauthorized access to a camera becomes impossible.
6. Invitations to video conferences as a phishing campaign
A large number of cyberattacks start with a successful phishing campaign and malware distribution. If you receive links to video conferences from people you don't know via email or social media, verify their legitimacy. Never open links and attachments in emails from unknown senders and look out for typical phishing clues such as spelling errors or unusual domain extensions. In the enterprise, additionally rely on a fully virtualized surfing environment that protects your web conferences.
Press & media contact
Uwe GreunkeResponsible for Marketing, Division Networks & Cybersecurity
uwe.greunke@rohde-schwarz.com
Rohde & Schwarz
Rohde & Schwarz is striving for a safer and connected world with its Test & Measurement, Technology Systems and Networks & Cybersecurity Divisions. For over 90 years, the global technology group has pushed technical boundaries with developments in cutting-edge technologies. The company's leading-edge products and solutions empower industrial, regulatory and government customers to attain technological and digital sovereignty. The privately owned, Munich based company can act independently, long-term and sustainably. Rohde & Schwarz generated net revenue of EUR 2.93 billion in the 2023/2024 fiscal year (July to June). On June 30, 2024, Rohde & Schwarz had more than 14,400 employees worldwide.
R&S® is a registered trademark of Rohde & Schwarz GmbH & Co. KG.
Networks & Cybersecurity
With its subsidiaries LANCOM Systems, Rohde & Schwarz Cybersecurity, and Rohde & Schwarz SIT, the group has bundled its expertise in one division. Know-how that is needed to become the largest provider of network and cybersecurity technology for companies, public authorities, and organizations in Europe.