George Waller, EVP and co-founder of StrikeForce Technologies, an entrepreneur and technologist with over two decades in the cybersecurity and computer industries offers insights into must have cybersecurity features for videoconferencing and how we should be thinking about meetings in the future.
Q: What are the top cybersecurity and data privacy concerns with general purpose videoconferencing platforms?
GW: More than ever, hackers are taking advantage of the current situation we live in, which has correlated with a rise in high-profile cyber and ransomware attacks, corporate data breaches, and even malicious Zoom bombing incidents. Our daily lives are now inexorably linked to digital communication and collaboration tools. Many businesses have had to overcome new challenges associated with remote work, heavily relying on videoconferencing tools like Zoom, MS Teams, WebEx and others to maintain productivity and business continuity. Yet none of these widely used platforms have made user security their number one priority. The new realities around business communications and remote work are here to stay, and thus consumers who rely on collaborative technologies will continue to be vulnerable to data theft.
Q: How has the pandemic impacted how businesses collaborate and maintain employee engagement?
GW: The past two years have had profound effects on the way people live, work, and particularly how we communicate with one another. Remote work has officially become the new normal across every sector and industry, which has dramatically accelerated the necessity of being able to conduct business using videoconferencing platforms. Even with these tools at our disposal, keeping employees engaged, productive and feeling like they’re fully connected continues to be a challenge for companies large and small.
Yet at the same time, as businesses have upped their reliance on virtual meetings, new privacy issues have come to the forefront. Organizations are increasingly concerned that IP, company data and sensitive conversations won’t be left out in the open to hackers, who now view virtual conferencing platforms as a new battlefield for cyber warfare.
The biggest threat vector that none of these widely used platforms have addressed is authentication. Not a single one of these service providers is a cybersecurity company, and therefore, lack the fundamental understanding of how to prevent unwanted intruders from logging into your videoconference meetings, or using malware to exfiltrate sensitive information.
Q: Do videoconferencing platforms encrypt the audio and video?
GW: This might seem like a no-brainer, but it wasn’t until somewhat recently that Zoom started to do this. Without this key feature, anyone can eavesdrop on your conversation and see what’s on your camera without you even knowing it. With fully encrypted audio and video, on the off chance a cyber attacker can break through this line of defense, there is not much they can hijack that is worth any value because what is being spoken and seen is entirely encrypted.
Q: What is the best way to authenticate video meeting participants?
GW: Aside from having the option to require a password, most videoconferencing platforms fall very short in regards to authentication. Proper authentication is quite literally the first line of defense and should be taken the most seriously. Without it, it is near impossible to identify meeting attendees as who they claim to be.
Here are some recommendations for “must-have” authentication features that organizations should be looking for when choosing a videoconferencing platform:
- One-Time Meeting Passcodes (OTMP): Users are sent a unique code that is tied specifically to the user’s email in order to gain access to the meeting, and the code can only be used once.
- Two-Factor (2FA) and Multi-Factor Authentication (MFA): Requires the user to provide two or more verification factors to gain access to a meeting. 2FA and MFA are commonly used in conjunction with an OTP as an additional verification factor.
- Out-of-Band Authentication (OOB): This is a type of 2FA that requires a secondary verification method through a separate communication channel. For example, one channel could be the user’s internet connection on their computer while the other could be their wireless network connection on their mobile device.
- Biometrics: This is where a unique physiological or behavioral trait is captured to confirm the individual’s identity such as their finger print, facial recognition, or a retina scan.
Q: Why is endpoint protection important?
GW: Endpoint protection as a videoconference cybersecurity feature encompasses the endpoints of the devices from which the meeting participants are using to connect to the platform which can be susceptible to malware spying. Audio and video encryption only works for data in motion as it’s traveling over the internet, not if malware is on your local computer. Therefore, these are the endpoint protection features that you should be looking for to ensure proper security and data privacy:
- Camera Protection: Prevents malware from stealing camera stream
- Microphone Protection: Prevents malware from stealing microphone stream
- Audio-Out Speakers: Prevents camera from stealing audio stream (what others are saying)
- Keystroke Protection: Prevents undetected keyloggers from capturing keystrokes i.e. credentials, corporate and customer data
- Screen Capture: This eliminates the risk of unauthorized screenshots from taking place
- Clipboard Protection: Prevents copied clipboard data from being stolen by malware
Q: How should we be thinking differently about videoconferencing and cybersecurity moving forward?
In today’s business environment, collaborative communications have become nearly ubiquitous, and in the post-pandemic world companies and their employees will be facing more sophisticated cyber threats than ever seen before. We believe it is imperative that all organizations, government agencies and private sector companies recognize the existing data privacy vulnerabilities, and begin implementing frameworks that can ensure users stay protected while conducting sensitive business. It has become mission critical to develop cybersecurity initiatives and put protocols in place to meet these new expectations.
Based on research, we’ve seen a need for setting standards and guidelines around videoconferencing security. Data from videoconferencing meetings can be easily breached, and needs to be handled with the same diligence and governance as information shared across other mediums. This is why we developed a set of standards and best practices, in accordance with National Institute of Standards and Technology’s (NIST) own cybersecurity framework, which identifies and classifies meetings based on its sensitivity and appropriate levels of security. Moving forward, businesses and government organizations must make videoconferencing security a core focus.
George Waller, Executive Vice President and co-founder of StrikeForce Technologies, is an entrepreneur and technologist with over two decades in the cybersecurity and computer industries. He played a pivotal role in introducing two leading cybersecurity technologies: out-of-band authentication and keystroke encryption to the marketplace. Today, these technologies are used in banking, health care, education, manufacturing and government sectors. For more information, please visit www.strikeforcetech.com.
Leave a Reply