Communications in an unsecured video conference can be listened to and recorded at any time. Access to online meetings should be controlled, just as it is for face-to-face meetings.
Video conferencing, a mine of information for cybercriminals
The use of videoconferencing is no longer occasional: it is a daily occurrence for most companies. Management meetings, team meetings, crisis meetings, financial reviews and business strategy presentations are all essential moments that are now organised in hybrid or remote mode.
In teleworking, the information exchanged daily between employees can also be strategic.
During these online meetings or virtual conferences, this multitude of sensitive data circulates. This is a goldmine for cybercriminals who will do anything to access it.
Unwanted intrusions into videoconferencing
During the health crisis, the phenomenon of “zoombombing” appeared in video conferences. This phenomenon got its name from several unwanted intrusions into Zoom videoconferences in 2020. It can be a simple troll, but sometimes the intrusion goes further.
Even the most strategic meetings are affected by this phenomenon: Dutch journalist Danier Verlaan managed to infiltrate the confidential video conference of the European Union’s defence ministers. These intrusions are an open door to industrial espionage.
The FBI has also conducted several investigations into hackers who infiltrated online meetings, threatening participants with racist, homophobic or anti-Semitic messages.
A rise in deepfakes in cyber attacks
In addition to zoombombing, one method of intruding into online meetings is becoming increasingly popular. This is the deepfake, a process that makes it possible to take on the appearance of another person.
VMware, a cloud solutions provider, recently published a study on the subject. It surveyed 125 cybersecurity professionals and 2/3 of them said that the use of deepfakes in a cyber attack has increased by 13% compared to last year.
Hackers using deepfakes are increasingly targeting corporate video conferencing tools. This is the case for video conference job interviews in particular, and especially in the new technology sector. These cybercriminals use deepfake and try to get recruited in order to gather information about the company.
Important financial consequences
Espionage in video conferences, in any form, represents a real danger for the entire organisation.
If cybercriminals succeed, the consequences are often dramatic. As a result of data theft, companies are bound to experience a significant loss of turnover, as well as a considerable increase in costs, especially in terms of redesigning the security of their IS. The reputation of the organisation is also strongly impacted.
How to avoid these intrusions in a videoconference?
In order to limit the risks of intrusion, a videoconference must therefore meet certain security criteria, which are more or less important depending on the risks. For example, an online meeting of a co-management online meeting, where a lot of confidential information is shared, necessarily requires a maximum level of security.
In its video conferencing solution, Tixeo includes a login and password authentication (encrypted and non-reversible). This process is particularly suitable for sensitive online meetings. Indeed, only authenticated and invited users will have access. The organizer will have to validate their access and will be in full control of the participants to his videoconference.
Keeping control of the participants
The organiser must also keep full control over the participants in his online meeting, both before and during the videoconference. In the event of an intrusion, this enables a quick reaction and limits the impact.
In a Tixeo secure videoconference, invited participants have only minimal rights, including audio/video communication and viewing of shared documents. Only the organizer has all rights in the meeting and can :
- partager des documents (écran, applications, fichiers…),
- accorder des droits de partage à un autre participant,
- ou encore lui retirer le droit de parole, voire le droit d’afficher sa caméra.
The organizer can remove people initially invited to a meeting at any time. Tixeo goes even further by offering the possibility to delegate the rights to organize and manage a meeting, right from the planning stage.
For example: Alice could organise an online meeting and give management rights to Bob. Bob can then remove Alice from the meeting. This feature is particularly interesting for people who want to delegate the setting up of a videoconference while having full control over it.