Video conferencing is a powerful tool that enables real-time, face-to-face communication with colleagues around the world. With this method of interaction, a business manager from Argentina can have a virtual meeting with the heads of his factory in China, and military officials in the Pentagon can give new orders to soldiers right on the battlefield. At the same time, security is essential for video conferencing, especially when it comes to corporate communications. If the solution for online meetings is not sufficiently protected, confidential documents and users’ personal data may be exposed to intruders. Such a situation can lead to an unpleasant or even dangerous outcome, resulting in the discrediting or closure of the organization.
Video conferencing security is already protected by several laws that prioritize user privacy. Recent government regulations, such as the Health Insurance Portability and Accountability Act (HIPAA) or the General Data Protection Regulation (GDPR), require healthcare providers, financial institutions, and other companies to ensure the safety of all electronic data related to their customers and patients. After the innovations, most vendors have become even more responsible for the security systems of their solutions.
Here are 5 more things to help with security for video conferences:
- Your password must consist of at least 8 characters, including a combination of uppercase and lowercase letters, and must be changed regularly every three months. IT-security experts also strongly recommend using multiple forms of authentication to log in to accounts, and also warn of the danger of reusing the same login credentials.
- Only install software from reliable sources that you know and trust: otherwise, you may put the computer’s security at risk. If there is such an opportunity, you can even hire a specialized software development team to help solve the problems.
- Regularly updating the software and operating system will help protect the devices from new viruses and malware. Thus, your personal computer or laptop, tablet or smartphone will work efficiently and the likelihood of a cyber attack will decrease significantly.
- Use a firewall on the devices to monitor, filter, and block any unauthorized network traffic connections. Antivirus is also important to protect against potential cyber threats and their repercussions.
- A Virtual Private Network (VPN) is an excellent way to protect your privacy, as all your traffic is routed through an encrypted tunnel and passes through a secure server before reaching the Internet. Thanks to VPN, you can remain anonymous if you are concerned about privacy. For example, providers like NordVPN, will help you remain anonymous if you are concerned about privacy.
Types of video conferencing encryption
There are several ways to encrypt your video conference traffic: the most popular being TLS, SRTP and E2EE.
Transport Layer Security (TLS) is a cryptographic protocol that provides communication security and privacy over the Internet and is used in applications such as web browsing, email, instant messaging and voice over Internet Protocol (VoIP). Notably, TLS is frequently applied to protect online transactions, such as corporate credit card purchases and bank transfers.
Secure Real-time Transport Protocol (SRTP) is a key component of secure voice and video communication, providing end-to-end security between two parties. SRTP is used to protect the confidentiality and integrity of data as it is transmitted over a network.
Secure Real-time Transport Protocol (SRTP) is a key component of secure voice and video communication, providing end-to-end security between two parties. SRTP is used to protect the confidentiality and integrity of data as it is transmitted over a network. When looking for a video conferencing solution, be sure to ask if it offers E2EE. If encryption is present, then your data will be secure for as long as you use it.
An overview of video conferencing solutions
Ensuring the security of video conferencing requires careful selection of the solution you trust. Many vendors are quite negligent regarding user privacy, ignoring the threat of cyberattacks. That is why we have compiled a list of solutions for you that provide security using various methods of data protection, including encryption.
TrueConf
TrueConf is an on-premises solution that works without an internet connection and is deployed on your local area network (LAN) or virtual private network (VPN). With this video conferencing platform, users can take advantage of various collaboration opportunities, such as secure chats and content sharing. You have complete control over all communications, ensuring protection against leaks.
Security
In addition to the fact that the video conferencing solution operates on your company’s equipment, all media streams are encrypted according to the AES-256 standard and are transmitted over secure TLS connections. Personal data is located only within your corporate network, and only the administrator has access. Thus, TrueConf is equipped with 9 levels of protection, ranging from basic to cryptographic.
Let’s understand the device of the platform in more detail:
Mandatory Authorization. Unless they enter their username and password, users cannot access the TrueConf server, except for guests of public conferences.
Access rights. You can grant the ability to use the control panel only to a specific range of IP addresses, individual administrator accounts, or computers within your corporate LAN.
Vulnerabilities
As previously mentioned, your server resources are not shared with third-party users or companies, thus greatly reducing the chances of anyone accessing your data.
Google Meet
Google Meet is a secure cloud solution that enables you to organize both individual and group video conferences. The platform offers many opportunities for collaboration, such as the well-known Jumpboard. As for the participants, Google Meet allows even unregistered guests to join the conference using the meeting code.
Security
The solution was initially created as a business tool in the Google Workspace suite, but eventually became available for non-commercial use. To protect personal data, the online meeting platform adheres to TLS and SSL standards for encryption at the transit level. Registered Google users also have the option to enable two-factor authentication using FIDO-compatible text messages, authentication apps, or security keys.
Vulnerabilities
Google Meet does not support end-to-end encryption: instead, it uses DTLS-SRTP to protect connections. However, it may be an unpleasant discovery for some that the vendor of the solution stores data on delays and performance. Such “collectible” information includes the data transfer rate, estimated bandwidth, names of conference organizers, IDs of participants, IP addresses, as well as the date and calendar ID of the meeting.
Security researchers recently highlighted a vulnerability in Google Meet’s URL redirection feature, which could lead users to counterfeit domains and make them victims of cybercriminals. Furthermore, if you join a meeting from a smartphone, the audio is transmitted over the telephone network and may not be encrypted.
Slack
Slack is a corporate messenger that can support video chats for up to 15 users. As with other vendor services, this solution requires mandatory login to your account and uses a secure system to protect confidential data. This is explained by the fact that Slack supports integration with almost 100 third-party services, such as Dropbox, Google Drive, and even Twitter.
Security
Data transfer between the messenger and the Black service is carried out using reliable encryption protocols and signatures, such as TLS 1.2, AES-256 and SHA2. It is noteworthy that such a protection system only works with the consent of the user, who must approve the processing of his or her personal information. Confidential data at rest in the Slack production network is encrypted in accordance with FIPS 140-2 standards, including relational databases and file storage. At the same time, all encryption keys are stored on a secure server with restricted access.
Vulnerabilities
If you are going to use Slack for business purposes, you need to be aware of the associated risks.
In 2015, Slack was hacked, revealing flaws in the messenger’s security system. The company announced that its system had been hacked, and the attackers had access to the database for four days, jeopardizing the privacy of its users. After the cyberattack, Slack experts also discovered suspicious activity from some accounts that had been clearly compromised by criminals.
In 2019, Tenable specialists also discovered a vulnerability in the Windows version of Slack. The client application provided an opportunity to change the download destination and steal, modify, or add malware to files. The critical vulnerability also allowed for remote code execution (RCE). Hackers could gain full remote control over the Slack desktop application with a successful exploit, thereby gaining access to private channels, conversations, passwords, tokens, and keys.
Skype
Skype, created by Microsoft, is a free software for making video calls. The “Meet Now” option allows presenters to invite both registered participants and anyone else in general to a virtual meeting, without needing an account. As for commercial purposes, it is worth noting that Skype for Business will cease to exist on July 31, 2021.
Security
Skype uses AES, also known as Rijndael, which is employed by the US government to safeguard confidential information. At the same time, the encryption itself is 256-bit and has proven to be reliable. The Skype server uses 1536 or 2048-bit RSA certificates to certify users’ public keys.
Vulnerabilities
By default, Skype does not use end-to-end encryption, meaning that Microsoft can view all messages, calls, and files. In addition, the vendor records people’s interactions on their platform, including but not limited to:
- Chat history
- Activity status
- Telephone numbers
- Files sent and received
- Time and duration of calls
Microsoft claims that it also collects user data from third parties, even brokers. Additionally, the corporation utilizes personal information for targeted advertising, personalization, research and development, and to improve its products. Personal data is also shared with Microsoft affiliates, subsidiaries, and suppliers.
WebEx
The WebEx video conferencing platform has existed since 1995 and is widely used by privacy-conscious companies in the healthcare, information technology, and financial services industries. This is partly because all three sectors had resorted to virtual meetings long before the COVID-19 pandemic, but mostly due to the solution’s reputation for maintaining strong cybersecurity. WebEx’s parent company, Cisco, has long established itself as a reliable and secure vendor for corporate interactions.
Security
By default, WebEx makes user data readable by the server, but it also offers additional end-to-end encryption for up to 200 users, which is more than many of its competitors. Holders of free accounts can contact customer support to further protect themselves. Despite considering the possibility of hosting an on-premises solution, the vendor offers a Cisco Meeting Server for these purposes.
Vulnerabilities
In 2020, Cisco engineers prepared fixes for three vulnerabilities that hackers could exploit during WebEx conferences. IBM discovered security breaches that allowed an attacker to join an online meeting as a ghost user and gain access to personal data. Therefore, a cybercriminal could discover the full names, email, and IP addresses of conference participants.
It is highly likely that you have friends or relatives on WhatsApp, as this messenger already has over two billion users. The solution was created in 2009, but it reached its peak popularity in 2015 and even became the main means of communication in several countries, including Latin America. WhatsApp enables users to organize personal and group chats, make audio and video calls, share files, locations, and even create polls.
Security
To ensure privacy, the solution supports end-to-end encryption, which prevents even company employees from viewing your messages or listening to conversations. WhatsApp also allows users to enable two-step verification to further protect their personal data and send disappearing messages.
Vulnerabilities
In January 2021, Meta announced an update to its privacy policy, stating that WhatsApp would store personal metadata and share it with Facebook and its “family of companies” (e.g., Facebook Messenger, Instagram) starting in February of that year. Previously, users could refuse to transfer information in the settings, but now this feature is not possible.
In 2022, as a result of the leak, nearly 500 million users’ personal data was released into the network. As it turned out, Meta had been storing users’ confidential information in an almost unencrypted form for many years, resulting in hackers being able to easily bypass the security system and gain access to it. In the following years, residents of 84 countries, including the United States, Italy, and France, suffered from the actions of fraudsters and criminals.
Zoom
Zoom is a video communication platform that offers a wide range of collaborative tools. The solution gained the most popularity in 2020 during the pandemic, as many companies and organizations started using it for remote work. It is noteworthy that many enterprises continued to use Zoom even after the lockdown was lifted, demonstrating its continued great demand.
Security
When using a Zoom client, video, audio, and screen sharing are protected in transit with AES-256 and a one-time key for that specific session. To further protect your privacy, the solution allows you to enable additional end-to-end encryption.
Vulnerabilities
“Zoombombing” is still a huge stain on the company’s reputation in terms of security. The precedent of intruders appearing in conferences and subsequently demonstrating profanity has become one of the largest hacker attacks in the history of video communication. Attackers could also send, edit, and remove chat messages, as well as remove other participants from online meetings.
Secure video conferencing solutions
| TrueConf | Google Meet | Slack | Skype | WebEx | Zoom | ||
|---|---|---|---|---|---|---|---|
|
Maximum number of participants |
1 000 | 250 | 15 (with paid subscriptions) | 100 | 1,000 | 32 | 1000 |
|
Free version |
12
|
100 participants up to 60 minutes
|
2
|
100 participants up to 4 hours
|
100 participants up to 40 minutes
|
32
|
100
|
|
Security measures |
256-bit TLS, AES, local deployment, and offline operation | TLS, SSL, and two-factor authentication | TLS 1.2, AES-256 and SHA2 | AES-256, 1536 or 2048-bit RSA | E2EE | E2EE, 2-step verification | AES-256, E2EE |
|
Self-hosted deployment |
+
|
–
|
–
|
–
|
–
|
–
|
–
|
|
Privacy |
 |
 |
|
|
 |
|
|
Are you ready for secure video meetings?
Security is one of the most important considerations when organizing virtual meetings. Regardless of whether you are holding a conference for the first time or have been discussing work issues remotely with colleagues for a long time, the privacy of communication should remain a priority, even if it appears that there is nothing to fear. TrueConf online meeting solution offers 9 levels of user data protection, stable video communication in 4K resolution, and a wide range of collaboration tools.
