1. Encryption of Audio and Video:
• Ensure that all audio and video data transmitted during collaboration and video conferencing sessions is encrypted. This helps protect against eavesdropping and unauthorized access to sensitive information while data is in transit.
2. Authentication and Access Control:
• Implement two-factor authentication (2FA) for every participant joining all meetings. This adds an extra layer of security beyond just a username and password.
• Enforce the usage of 2FA for all non-Active Directory (AD) or LDAP users, ensuring that security measures apply to all participants, regardless of their directory services affiliation.
• Utilize a system that has a “lock the room” feature when setting up public meetings. This helps control and limit access by preventing unauthorized individuals from joining and ensures that only intended participants can attend.
3. Granular Control over Devices & Processes:
• The ability to lock down devices & processes during collaboration sessions must be a top priority for all C-level executives because hackers can utilize malware to exfiltrate confidential data at the device & process level i.e., audio, video and microphone streams. It is imperative that the below devices & processes be proactively protected.
• Camera: The ability to proactively control which applications have access to your camera, while blocking those that are not authorized.
• Microphone: The ability to proactively control which applications have access to your microphone while blocking those that are not authorized.
• Speakers: The ability to proactively control which applications have access to your audio in/out stream while blocking those that are not authorized.
• Keyboard: The ability to proactively encrypt all keystrokes at the kernel level of the operating system, preventing undetected keyloggers from stealing keystrokes.
• Clipboard: The ability to proactively stop malicious malware from hijacking sensitive clipboard data when copy-n-pasted.
• Screen-sharing process: The ability to proactively protect the screen-sharing process and prevent non-authorized applications from screen scraping sensitive and confidential data.
Incorporating these measures will greatly improve the overall security of your video conferencing sessions. This approach encompasses encryption, authentication, access control, and precise device management, ensuring the protection of sensitive data and upholding the confidentiality of your discussions.
We chose to release this best practice guideline because, as a 22-year-old cybersecurity company focused on safeguarding video conferencing data, we find it necessary to share insights on the most effective methods for achieving this goal. This is particularly crucial because none of the existing video conferencing vendors in the industry specialize in cybersecurity. Consequently, their platforms lack essential cybersecurity features required to ensure the security of your confidential data.
If your organization aims to safeguard confidential data in video conferencing sessions, we urge you to explore our Zerify Meet secure video conferencing platform. Alternatively, if you are satisfied with your existing video conferencing solution but find yourself lacking precise control to protect your devices and processes, we recommend integrating our Zerify Defender desktop agent. This addition will provide the granular control needed to secure your collaborative data effectively.
Zerify has earned recognition from industry-leading analyst groups such as Forrester and Aite-Novarica, affirming our position as a leader in secure video conferencing.
Contact us if you have any questions using the information below:
George Waller
gwaller@zerify.com