By Allen Drennan, Co-Founder & CTO, Lumicademy
The changing landscape of cybersecurity and the increased threat of cyberattacks are among the key issues facing today’s technology leaders. Along with creating profound changes in the workforce, work from anywhere has also allowed new security concerns to emerge. During 2021, more sophisticated and destructive cyberattacks were widely reported, a trend which is expected to continue.
Gartner recently discussed some of the main factors exposing new attack surfaces, including changes in work and more widespread use of the public cloud. They cautioned, “These changes in the way we work, together with greater use of public cloud, highly connected supply chains and use of cyber-physical systems have exposed new and challenging attack “surfaces.”
Along with vulnerable devices, connections and endpoints, video conferencing and video learning apps also represent a security risk. In the last two years, video conferencing software has expanded well beyond meetings. With the remote workforce, the majority of training, employee onboarding, and corporate education will continue to take place via video on a permanent basis. Remote learning is also a permanent option for higher education institutions. It’s imperative for organizations to make secure video solutions a priority, by implementing a true security approach to threats, instead of applying a “Band-aid” easy fix.
Risks Involving Video Conferencing Persist
Many of the same risks reported with video conferencing software early in the pandemic remain a factor, but they’ve evolved to even larger and more widespread digital attack surface areas. The most problematic areas include weak encryption protocol; vulnerable endpoints and networks; and vulnerable devices including laptops, phones, tablets, and IoT.
Organizations continue to report threats and cyberattacks involving video conferencing. Many of these incidents are still making headlines two years after the pandemic began, including:
- Hijackings of live video conferencing sessions continue to make headlines. Malicious actors are still targeting private sector companies as well as local governments, schools and universities.
- Infiltration of private corporate meetings. Cybercriminals are seeking access to confidential information such as content or recordings, trade secrets, intellectual property or other sensitive data.
- Attacks attempting to gain access to data or personally identifiable information (PII).
- Infiltrating messaging or chat features to send malware.
Organizations of all sizes are at risk, from small business to global enterprises. All stakeholders need to understand and implement cybersecurity protocols and practices in order to minimize these risks.
Key Recommendations and Best Practices for Secure Video Learning
For video conferencing security to be most effective, organizations must establish and set clear policies and then communicate these policies to their employees and other users. Approaches such as Implement Zero Trust Architecture and Multi-factor Authentication should be established as part of any cybersecurity approach.
Organizations should implement and develop policies that start with some basic parameters that everyone should follow when using any type of video conferencing solution. Security levels should be set to match the organization, or even the individual meeting, conference, or training session.
Specific organizations, sectors or industries with more stringent security and privacy needs must implement more restrictive policies to meet requirements or guidelines. More advanced security levels include encryption key depth, cipher strength, transport layer security level 1.3, end-to-end encryption and control over the location and secure deployment of all server and service resources. Government agencies as well as organizations in healthcare, financial services, and education are only some of the areas where advanced security protocols apply.
Other basic videoconferencing security guidelines and recommendations include:
- Restrict or limit administrative access for certain features
- Require unique meeting IDs
- Require unique passwords
- Conduct roll call in all meetings
- Let meeting host identify attendees before entering meeting room
- Limit sharing of confidential documents over video or screensharing
- Limit ability to screen share
- Restrict ability to share meeting invitations
These guidelines are only effective if everyone is using them. Organizations are responsible for making sure that their employees, users, and teams are aware of the policies and understand how to properly use security protocols such as Zero Trust, MFA in all of their video and remote conference sessions.
About the Author
Allen Drennan, CEO, started Lumicademy in October of 2017, bringing together the team of senior engineers who created Nefsis, a cloud-based, video conferencing online service, which Frost and Sullivan cited as the first “conferencing service solution based on the technologies of cloud-computing, end-to-end parallel processing and multipoint video conferencing,” to create the next generation of virtual classroom technology.
Engaging students and educators alike, Lumicademy provides the ability to interact in a live video meeting and view presentations with screen shares, document shares, annotations and whiteboards, all within a tablet or phone experience .Lumicademy offers a high quality video and audio user experience for most mobile devices with our GPU-centric mobile edition. Educators and learners can live chat with peers in up to 62 languages. Users enjoy the learning capabilities traditional ‘video apps’ cannot offer, with an unlimited amount of users joining in the mobile classroom experience.
At Lumicademy, we believe there’s a better way to connect people online. Our goal is to unify the virtual classroom experience, providing a modular and customizable solution to education industries and corporate organizations. We’re excited to bring the authenticity of face-to-face relationships in a virtually-driven world.
Allen can be reached online at https://www.linkedin.com/in/allen-drennan-0359a822/ and at our company website https://www.lumicademy.com/
Source: www.cyberdefensemagazine.com