Is Your Videoconferencing Service Secure?
Until recently, videoconferencing services tried to strike a balance between ease of use and tight security, leaning toward greater access while people gained comfort with the technology. It took the current level of widespread use to highlight the need for cybersecurity measures, says Jeff Greene, director of the National Cybersecurity Center of Excellence at the National Institute of Standards and Technology. These are information-sharing platforms that have the same vulnerabilities as any services that transfer data, Greene says.
NIST suggests several steps that agency meeting organizers can apply to take control. They can use unique meeting links, unique meeting identifiers and PINs for meeting access. They can set a roster of participants and let them into the meeting one by one, having unidentified participants “wait” in a greenroom before gaining access.
Sometimes this requires changing the platform defaults, Greene points out. “These tools are there, if you take advantage of them.”
Encryption of the audio and video data is standard for Zoom and similar platforms. If organizers record their meetings, though, they need to consider whether they need to encrypt those files and where they plan to store them, in the cloud or on a private server, Greene adds.
Equipment-makers are filling security gaps as well. Logitech’s BRIO camera uses facial recognition to log in users, avoiding the easily stolen or intercepted password for entry. Future iterations of the technology could use multifactor authentication to verify identity, such as a user’s voice or a familiar location where the user usually works.
Routers are another vulnerable point of entry for security breaches, Greene says. Users should make sure their routers are password-protected and stay current with patches and updates.
“Most attackers rely on people not updating,” Greene says.
Thorson echoes that notion: “When you see there’s a security fix in there, you need to do it, because somebody is always trying to break in.”
Read more at: Fed Tech Magazine