VTC Platform Security Best Practices


The use of video teleconferencing (VTC) platforms has exploded as companies require employees to work from home to stay safe during the global pandemic. This increased use of video conferencing technologies opens new vectors of risk for companies and has helped identify security and privacy concerns within these platforms, specifically with Zoom. Bad actors are targeting the vulnerabilities of VTC platforms and exploiting them to steal information, as well as to inject malicious code into corporate systems. In addition to primary attacks, targeted phishing attacks using video teleconferencing as the subject are being launched at increasing rates.

Security vulnerabilities and data privacy issues of the Zoom platform have been trending topics in national media, and there has been a surge of “Zoom-bombing,” where unauthorized persons gain access to a video teleconference and display lewd, threatening or otherwise inappropriate images and language.

Even if a company does not use Zoom as its VTC platform, employees may be invited to a Zoom meeting from other business partners. It is critical that employees understand the limitations to security and best practices for use of the platform.

The term end-to-end encryption (E2EE) is being referenced by many of the articles regarding Zoom and other VTC platforms. E2EE is a method of secure communication that prevents third parties from accessing data while it is transferred from one end of the system or device to another. E2EE is more secure because only the meeting host and participants devices can decrypt related audio and video. Currently, Zoom does not support E2EE. Zoom technology utilizes transport encryption, the same protocol used when accessing secure (https) websites. This means the Zoom can access the video and audio of a meeting that uses the Zoom platform.

While Zoom has been the focus of many recent articles, there are several VTC platforms in use by companies that each have associated risks; some also have limitations on the applications they support.

Click here to request the latest Insite Briefing that offers best practices to mitigate some of the issues identified on the Zoom platform. This informative briefing also provides security insights into the different VTC platforms and an overview of which platforms support end-to-end encryption (E2EE).

#VideoconferenceSecurity #ZoomSecurity

© 2020 Insite Risk Management