COVID-19 travel restrictions have forced Australian organisations to rely on video conferencing applications to allow their employees to communicate with colleagues, clients and partners while remote working. Unfortunately, this has been fraught with security risks such as unwanted attendees, compromised corporate data, malware risks and even cyber espionage.
Privacy and security of personal data are legal responsibilities for all organisations today, so what are the best things Australian organisations can do to manage the security of access to remote video conferencing platforms?
Ensure that there is end-to-end encryption, particularly for any tightly regulated industries
Some video conferencing apps have become household names since many started working from home but there have been many security flaws by the lack of end-to-end encryption, including “video call bombing”. Whilst this may not be a problem for social calls, if businesses are taking part in private meetings, they should insist on an extra level of security.
Enforce passwords, pins and logins for all online meetings
Meeting IDs can be guessed, allowing unauthorised attendees to join meetings even if they have not received an invite. It is, therefore, essential to require a meeting password, which can be communicated by other more secure channels such as email and SMS to limit unauthorised access.
The meeting organiser should join first
It is advisable to use a video conferencing app with a “waiting room” feature to manage people requesting to join. This allows the host to challenge any unknown attendees before starting the meeting.
Prevent file sharing in the chatbox
Restricting file sharing in the chatbox of a video conference is important, so that unknown attendees aren’t able to receive and open private corporate documents, or to send malware disguised as an attachment to the host organisation or to other participants attending the web meeting.
Set up alerts when meetings are forwarded
Often meeting details are forwarded to colleagues, administrative staff or personal accounts for legitimate reasons, but it’s important to set up alerts so the host is aware when meeting invites are forwarded over email to others. If there is a concern over meeting credential sharing, the host should schedule a new meeting with new dial-in details.
Ensure it is a pure cloud platform (no downloads needed)
There are a few legacy web conferencing platforms that require the user to download a client file in order to use them. This not only uses up valuable storage space but it can cause annoying pop-ups at start-up that are not easily disabled. Also, downloading anything poses a security risk to the user and their device.
Ensure the platform ensures data sovereignty
Many organisations, particularly in the public and legal sectors have a policy that requires data sovereignty, which means keeping Australian data on Australian soil. This requires all data to be kept in a data centre located in Australia, and it can only be accessed by Australians.
Use a business, pro or enterprise license
Employees need access to collaboration tools to carry out their work efficiently and securely. Organisations should consider buying an enterprise license that allows greater control over employee use and helps to ensure that default settings are highly secure, meet the organisation’s privacy policy, and any data storage requirements.
Whilst the pandemic has been a global health catastrophe, video meetings make it easier for employees and clients to stay in touch and have also reduced business costs due to the lack of travel costs. Opportunities have now become truly global with web meeting platforms, removing perceived barriers of distance and time zones whilst ensuring business continuity.
Tobias Raper, Asia Pacific CEO, babl
