Strategies to Keep Your Conferencing Secure
Co-authored by Brianna Damon, Information Systems & Risk Assurance Staff
In today’s market, there is a wide variety of video conferencing software options to choose from to meet your business needs, especially during the time of COVID-19. Here we offer strategies for choosing and configuring a video conferencing solution that will allow you to keep your company’s information secure.
We recommend that the business owner of this new solution evaluate all available options, focusing on a solution with robust security and business capabilities rather than consumer-grade software that is offered for free. Free services are great for keeping in touch with friends and family, but they do not have the configuration options needed to keep the data that you share with colleagues safe. When choosing a solution, it is prudent to ensure that the solution’s vendor can provide evidence of independent certification or assurance over its system, such as a SOC 2 attestation report or ISO certification.
After choosing the solution that best fits your business needs, it is important to learn how to configure the video conferencing solution securely. The most common solutions provide their users with training videos and system documentation to help walk you through this process. Here we list a few key configuration points and strategies to use within common video conferencing solutions to help keep your data secure:
- Create a unique password for entrance to the video conference.
  - Passwords should not be repeated or generic. They should follow proper password security protocols: at least 8 characters, containing a special character and a number where possible.
- Restrict the ability to utilize screen sharing controls to the video conferencing host.
  - This precautionary step will prevent unwanted guests from sharing their screens. Further, it allows the host to actively choose participants to perform the screen sharing function.
- Consider utilizing a “waiting room” function.
  - This allows the host to admit only the allowed people to the meeting.
  - It also prevents individuals from joining the meeting before the host.
- Always use a one-time-use meeting code.
  - While it is more convenient to use the same meeting code every week, doing so makes it much easier for unwanted guests to find the meeting. This code should be unique and not easily guessed.
- When setting up the video conference, consider allowing the conferencing solution to share the call details directly with invited guests via email.
  - This limits the potential of unwanted guests seeing the invitation details in a shared calendar. However, be sure to confirm that the correct people have been added to the meeting before sending invites.
  - Further, consider limiting these invitations to work emails only. Personal emails do not generally have enterprise-level security protections.
- Limit the ability to record video conferencing sessions.
  - If confidential information is to be discussed, do not record the meeting or allow others the ability to record the meeting. Once recorded, your company loses the ability to track where that confidential data has been stored.
- Update software frequently.
  - Common video conferencing solutions are being tested for capacity and security more than ever before, which is resulting in the software needing more frequent updates. These are provided by the vendor and should be installed as soon as practical after release.
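The checklist above can be checked automatically against an export of scheduled meetings. The following is an added example, not part of the original article or any vendor's API: the setting names (`screen_share`, `waiting_room`, `join_before_host`, `recording_allowed`), the personal-domain list and the sample meetings are all constructed assumptions to be mapped onto whatever your conferencing solution actually exports.

```python
import re
from collections import Counter

# Assumption: short constructed list; replace with your own policy list.
PERSONAL_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com"}

def weak_passcode(p):
    """Article's rule: at least 8 characters, with a number and a special character."""
    return (not p or len(p) < 8 or not re.search(r"\d", p)
            or not re.search(r"[^A-Za-z0-9]", p))

def audit(meetings):
    """Return {title: [findings]} for every meeting that misses a checklist item."""
    code_uses = Counter(m["code"] for m in meetings)
    pass_uses = Counter(m["passcode"] for m in meetings if m.get("passcode"))
    report = {}
    for m in meetings:
        found, p = [], m.get("passcode")
        if weak_passcode(p):
            found.append("passcode missing or below policy")
        elif pass_uses[p] > 1:
            found.append("passcode repeated across meetings")
        if code_uses[m["code"]] > 1:
            found.append("meeting code reused")
        if m.get("screen_share") != "host_only":
            found.append("screen sharing not restricted to host")
        if not m.get("waiting_room"):
            found.append("waiting room disabled")
        if m.get("join_before_host"):
            found.append("participants can join before host")
        if m.get("recording_allowed"):
            found.append("recording permitted")
        personal = [a for a in m.get("invitees", [])
                    if a.rsplit("@", 1)[-1].lower() in PERSONAL_DOMAINS]
        if personal:
            found.append("personal email invited: " + ", ".join(personal))
        if found:
            report[m["title"]] = found
    return report

# Constructed sample data using hypothetical setting names.
GOOD = dict(screen_share="host_only", waiting_room=True,
            join_before_host=False, recording_allowed=False)
MEETINGS = [
    dict(title="Weekly finance sync", code="555-000-111", passcode="finance",
         screen_share="all", waiting_room=False, join_before_host=True,
         recording_allowed=True, invitees=["cfo@example.com", "pat@gmail.com"]),
    dict(GOOD, title="Weekly finance sync, following week", code="555-000-111",
         passcode="T7#qv!m2Lx", invitees=["cfo@example.com"]),
    dict(GOOD, title="Audit planning", code="731-204-958",
         passcode="T7#qv!m2Lx", invitees=["lead@example.com"]),
    dict(GOOD, title="Board prep", code="902-118-467",
         passcode="r9$Wk2!pZe", invitees=["chair@example.com"]),
]

if __name__ == "__main__":
    for title, findings in audit(MEETINGS).items():
        print(title, "->", "; ".join(findings))
```

Run against a real export, the report gives the host or administrator a per-meeting list of settings to correct before invitations go out.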
It is important to note that none of these software solutions are 100% safe on a stand-alone basis. It is the responsibility of your company to educate its end-user base on the configuration requirements your company has established within the video conferencing solution of your choosing. These strategies will help your company create a safer virtual conferencing environment, especially during a time when most of the workforce is remote.
To discuss these matters further, please contact your BNN advisor at 800.244.7444.
Disclaimer of Liability: This publication is intended to provide general information to our clients and friends. It does not constitute accounting, tax, investment, or legal advice; nor is it intended to convey a thorough treatment of the subject matter.