Our Blog

The latest news about Internet security and privacy.

How to Secure Your Online Conference Meetings

Posted by BulletVPN on 29 04 2020.

The world of business is gradually shifting toward online meetings and video conferences while online meeting tools for sessions with a few participants are in wide use by individual users all over the globe. This, in turn, raises the issue of how to secure your online conference meetings. It is the very same way you deal with the security of other communications channels such as email.

How to Secure Your Online Conference Meetings

As with any other software niche, the market for online video conferencing apps and online messaging software with conferencing capabilities is booming. A good number of tools hit the market early and without being properly tested for vulnerabilities. The same applies to established market players too. There’s always evidence growing that hackers are able to crack most of the popular conferencing apps. How can you secure your online conference meetings? This guide has everything you need to know.

Gartner Magic Quadrant for Meeting Solutions

Gartner_Web_Meeting_Solutions_2019
Source: Gartner
Trusting conferencing software because it is a product of a well-known software maker is simply reckless. Bearing in mind that someone snooping on your video conferences gets access to sensitive information, you need to make sure you have secure virtual rooms where you share business-critical info and documents. Here is how.

Web Conferencing Security Factors to Consider

Let’s take a look at the basic security factors and measures you should have in place if you are to have secure virtual conferencing rooms, regardless of the specific application you use.

Compliance with security standards

The accepted security standard for a maker of “systems/software” that deal with sensitive information and information systems is the ISO/IEC 27001 standard for Information Security Management.

This is an international standard while the corresponding standard for web conferencing security in the United States is the Federal Risk and Authorization Management Program (FedRAMP).

It is a good idea to look for an online conferencing platform that meets one of these two standards before you implement it across your organization.

Advanced user access restrictions

You definitely have to build a strongly gated ecosystem for your online conferences. A viable strategy and a plan for securing conferencing sessions include meeting requirements such as mandatory password protections for both meeting hosts and participants, credentials revocation after every virtual meeting, limited period of availability of the online meeting room and all the info shared there as well as mandatory use of encrypted remote connections only.

For instance, you can have a point-to-point corporate VPN to encrypt conferencing between remote offices or have VPN clients on all remote endpoints to have encrypted connections when you use a cloud-based conferencing tool.

Virtual room user privileges

You will have one-time online meetings but most of your virtual rooms will keep staying online for more than one conference call. What it means is that you need to adopt s strict system of user privileges to keep these conferencing rooms secure and safe from prying eyes.

The main tool for achieving security at this level is to introduce a system of role-based access controls, which clearly defines who can start a meeting, who can join a meeting (each specific one), and who can change a virtual room’s settings.

The host of the meeting is the participant with the highest privileges and only he can modify the overall room settings and the settings for each session, including the type of content allowed in the room (You can block posting of links there, for instance).

Blocking of conferencing software features

Even the simplest chat agent now comes with a host of additional features. Quite often having these features working bears a higher risk of someone penetrating your conferencing rooms or someone leaking sensitive information by error.

That said, you might decide to limit some app features at the system administrator’s level. As a result, this makes it impossible even for room hosts to share possibly malicious links inside rooms or banning features such as note-taking in apps or storing files in the room’s online space. Other problematic features include app and screen sharing sessions, which introduce an additional attack vector.

Conferencing data encryption

Both on-premises and cloud-based conferencing apps can record and store your voice and video conversations. They also keep documents uploaded during a meeting. These records represent sensitive information while documents may contain business-critical data. We’re talking about information such as strategic business plans, financial reports, or personal information.

That is why you need these records encrypted; especially if you are using a web conferencing tool, which stores your data in the cloud. Check if your service provider has AES 256-bit encryption.

Don’t stop there – also check if they keep logs on who has accessed these data files and from where. Thus, you can identify those responsible in a case of data leaking from your online meetings.

Web Conferencing Attack Vectors

There are numerous methods for a bad actor to disrupt or snoop on your online meetings.

  • Meeting bombing is a method to join an online conference by entering rooms that are not protected with a password. There are tools going under the name of War Dialing Software. These enable an attacker to guess your meeting ID and then join the unprotected room.
  • Malicious links work in phishing email campaigns and they work in online chat rooms as well. Once an attacker is in your virtual room, he can easily share malicious links with all participants. Do not underestimate the risk of a legitimate participant posting an infected link as well.
  • Reusing meeting links works for an attacker if he gets access to the meeting link of one or more participants. First, do not leave your virtual rooms unattended. Second, always force everyone out of the room upon meeting ends. Finally, never allow anyone to join a room before the meeting host joins.

Evidently, there are other attack vectors such as zero-day attacks but they are beyond your control. What you can do to deal with zero-days and other malware is to adopt a combination of cyber-security protections such as a next-generation firewall, a VPN, and an antivirus platform that is able to detect unknown threats.

Secure Your Online Conference Meetings – Concluding Words

Securing your online meetings is as important as securing your business data and critical business applications. Even a routine online meeting can leak enough information for an intruder. He/she can extrapolate what your strategic plans and goals are. Sharing sensitive documents in virtual rooms adds a further pool of security risks. It specifically revolves around the protection of critical business data.

By implementing the measures above and by realizing how your web conferencing sessions can be compromised, you can mitigate the risks of intruders entering your virtual meeting places and snooping on your sensitive communications. The number of corporate and individual users going online to conduct conference calls is growing. You need to go beyond the basic procedures for verifying the identity of your meeting participants.

Leave a Reply

Your email address will not be published.