There’s been a lot of publicity recently about GDPR and data privacy – most of our clients now have measures in place to address the requirements of the legislation. But one area that can easily be over-looked is security around video conferencing activity.
Video conferencing is no different to other meetings and collaboration activities – in so far as sensitive information is often discussed and shared. And in this context, a breach of security could have bad consequences for client companies and individuals who work there. A good example of this happened in 2016 when a Canadian political party had a video conference hacked and the hacker subsequently contacted a news agency who then published information the party had not intended to release into the public domain at that time. There were no radical consequences in that situation however it doesn’t take a huge leap of imagination to see a hacked video conference could have serious repercussions. And of course, it demonstrates the importance – for all organisations – of having robust security policies in place.
Of course, the Internet of Things (IOT) and the level of connectivity in our day-to-day lives also underline the need for caution and it’s not a bad idea to stand back from your daily routine and assess the vulnerabilities that may exist across your own activities – at home and in work.
But in a commercial context, the use of video conferencing is only going to grow so a good start is to prioritise security in this context. And to help you address some of the likely vulnerabilities, here’s a number of considerations you should take into account…..and of course contact meritec if you want any support in this context……
Some Primary Video Conferencing Security Considerations
- Audit the Video Conferencing System – new technology is always being released and video conferencing systems have radically changed even over the last two years. The latest tech will also typically include better security and it often addresses security gaps in older systems. There are three aspects to auditing the system; one is to work out what should be retained, then what can and should be upgraded and finally you will want to look at replacing certain elements of they are old-tech. However of course it’s often easier, cheaper and more effective to simply replace the entire system.
- Domain Permissions and Access – in a good set-up, the manager of the video conferencing system can control access – at different levels of permission– to different parts of the system. This domain-based security can prevent mis-use of the system and it can be set-up to control and track who is using the system and when.
Strong Policies of Use
The audit and access considerations mentioned above are a starting point but there are many other steps you can implement to strengthen security and implement best practice. These include
- External Device Use
Many of us prefer to plug-in our own devices – for comfort and ease-of-use – it’s a growing trend known as BOYD (Bring Your Own Device). There is some evidence that where this is facilitated, people are more productive. However, this is a security threat for organisations unless those using their own devices are both educated in best practices for security and implementing them on their own devices– even simple things like keeping the anti-virus software up-to-date can be over-looked. Each organisation needs to ensure it offers guidance on this and that BOYD participants in video conferences commit to your company security policies, in advance of accessing the system.
- Staff Up-skilling – the internal team also need to be trained in good security practices and I what is expected of them in using the system. Security policies need to be documented, shared and implemented in practice. It might be useful to automate reminders about security through the system, from time to time.
Video Conferencing & Regulated Sectors
Certain sectors are more highly regulated than others and If your work involves healthcare or dealing with personal financial information, for example – then the regulations around the handling of sensitive information are critical in terms of how you operate your business. In this context, you may want to implement additional security measures as there are extra considerations for you to take into account. Some considerations include
- Authentication and Encryption
These security measures are well established and proven and can be implemented on certain systems easily and can include options such as tracking usage, access controls per user etc.
- Partnership / Supplier Security Policies & Agreement
Under EU legislation, you may be obliged to ensure suppliers handing your data e.g. storing video transmissions – also meet the terms of the legislation. This may involve asking for a copy of their own policies or having a written agreement.
Video conferences are going to become the norm for many businesses and no matter what sector you operate in, having the right policies both documented and implemented across your organisation will give you both the security protection you need and the peace of mind you deserve!