Remote work is here to stay – what does this mean for security?
In the past year, business organizations were forced to quickly move to a remote work plan in order to support both their employees and their customers during the initial days of the pandemic. At first, businesses rushed to create fixes and solutions that were expected to be temporary.
But for many organizations, remote work, at least in some form, is here to stay. In fact, a recent PWC report revealed that 78% of CEOs believe that remote collaboration will be permanent post-pandemic. After the initial period of rapid adjustment, organizations found that in many cases, their teams and their customers successfully adapted to remote operations, including groups and teams that collaborate on a regular basis. Digital meeting and collaboration tools are a part of the solution that has made remote work effective.
But organizations also found that some of these solutions carry security risks. The time for temporary fixes has passed, however, and organizations must act now to implement permanent solutions that ensure remote meetings and video conferencing are safe and secure.
Remote work expansion means more risks
One of the main ways that organizations have adapted to remote work is by replacing the majority of in-person meetings with remote video conferencing and meeting sessions. Everything from companywide or division meetings at enterprise organizations, to team meetings and even one-on-one meetings have been conducted online since March 2020. Even hiring processes that were typically face-to-face are now remote due to social distancing, as HR departments have moved to video job interviewing.
But this increased amount and type of remote meetings means that more personal information and data could be at risk. Confidential corporate information, trade secrets, personal information and customer data could all be at risk if video conferencing is not secure.
A recent article in National Law Review noted the example of HR departments and the need to secure remote hiring practices: video recording of job interviews could potentially expose organizations to significant data privacy and security risk. This risk must be managed through thoughtful policies and procedures.
When video conferencing systems are not secure, they are subject to a number of key vulnerabilities that cybercriminals and malicious actors can use to breach data and systems. Some of the most common breaches include:
- Hijacking of video conferences in real time.
- Data breaches or theft involving data shared or data in transit.
- Creating unauthorized recordings of meetings.
- Performing social engineering scams.
- Creating breaches in privacy.
- Results of human error, such as employees not following security measures or not being trained in proper security measures when using video software.
Organizations can create effective procedures to educate their employees and staff how to use video conferencing and digital collaboration tools safely, whether they are hosting or participating in remote meetings and collaboration. But there are other considerations when it comes to protecting data that is being shared during remote meetings.
Differing levels of data security
A crucial area of video conferencing security is whether an organization has sufficient control of its data, as well as how the data is transferred, and where it ends up after it has been transferred.
It may be surprising to learn that many of the most commonly used meeting software products use security approaches to data transfer that are too simplistic and don’t go far enough. For instance, some software providers tout their use of simple symmetrical key encryption approaches. But these methods don’t ensure true end-to-end encryption.
A more secure approach can be found in solutions using the most current and secure approach and technology to transport essential data, or true transport layer security (TLS) up to the current standards of TLS 1.3.
Ensuring sufficient control of your data and privacy
Making sure your organization’s video conferencing solution is secure is also hinged on controlling your remote meeting room content, video and audio. However, most internet-based meeting products connect with “cloud” servers, and endpoints are controlled and operated by the meeting provider. This means organizations have little control over their meeting content, and what happens to it.
A different approach to privacy and control
Lumicademy’s videoconferencing and collaboration solutions offer more control and data protection than many other options. Lumicademy’s platform allows each organization to control the level of encryption their meetings will enforce.
This control can range from what is required to be compatible with web browsers, PKI levels, RSA key depth, as well as available ciphers all the way up to the latest FIPS standards.
With the Lumicademy platform, organizations have the options to use their own web server certificates and domains which can easily be implemented using the developer web portal. Customers can also deploy their own modules onto their own cloud servers, not a proxy server. This approach allows them to maintain their own control and management, for routing of video and audio as well as content, documents, shared screens, and recording and storage.
Learn how Lumicademy’s solutions can help your organization offer secure conferences, meetings, and training for your teams and customers.