Go back

Secure Video Conferencing: 7 Best Apps and Best Practices

November 21, 2021
Alina Krukova

Alina Krukova

Video conferencing is a powerful tool that enables real-time, face-to-face communication between colleagues around the world. With the help of video conferencing, a business manager from Argentina can hold a virtual meeting with the managers of his factory in China, a sales director can demonstrate a new product to sales representatives across the country. Or military high officials at the Pentagon can send new orders to soldiers in the field.

Security is crucial for video conferencing, especially when it comes to corporate communications. During a video conference, sensitive information and data travels through internal and external networks, where it is susceptible to prying eyes of hackers. If a network is hacked, your personal data, meetings, recordings and files shared become the possession of a third party.

Secure Video Conferencing - Statistics

Video conferencing security is not only recommended for business communications, it is the law. Recent government regulations, such as the Health Insurance Portability and Accountability Act (HIPAA) or the GDPR, require that medical service providers, financial institutions and other companies protect all electronic data related to their clients and patients. That includes all electronic transmissions of customer personal data, including video conferences.

5 more things to help with security for videoconfernce

  • Use a strong password and change it regularly – Your password should be a minimum of 8 characters and include a mix of upper and lowercase letters, numbers and symbols. You should also change it regularly – at least every 3 months.
  • Only install software from trusted sources – This means that you should only install software from developers or distributors that you know and trust. Otherwise, you may be installing malicious software.
  • Update software and operating systems regularly – This will help protect your computer from new viruses and malware, and keep your system running smoothly.
  • Install a firewall and anti-virus software – It is important to install a firewall and anti-virus software on your computer to protect it from potential attacks. A firewall helps to protect your computer from unauthorized access, while anti-virus software helps to protect your computer from viruses and other malware.
  • Use a Virtual Private Network (VPN) – A VPN is a great way to keep your internet traffic private and secure. When you connect to a VPN, all of your traffic is routed through an encrypted tunnel and passes through a secure server before it reaches the internet. This means that your ISP and other third-party observers can’t see your traffic or track your online activity.

Types of Video Conferencing Encryption

There are a few different ways to encrypt your video conferencing traffic. The most popular options are TLS and SRTP.

TLS (transport layer security) is a cryptographic protocol that provides communication security and privacy over the Internet. It is used in applications such as web browsing, email, instant messaging, and voice over IP (VoIP). TLS is widely used to protect online transactions such as credit card purchases and bank transfers.

Secure Real-time Transport Protocol (SRTP) is a key component of secure voice and video communication, providing end-to-end security between two parties. SRTP is used to protect the confidentiality and integrity of voice and video data as it is transmitted over a network.

You may also have heard of “end-to-end encryption” or E2EE.

The term is used to describe a security system in which all data is encrypted at all times, from the moment it is created to the moment it is destroyed. This means that even if someone intercepts the data while it is in transit, they will not be able to read it without the proper encryption key.

This level of security is essential for any business or organization that wants to keep their data private. This is especially important for videoconferencing, which may involve the exchange of sensitive information.

When looking for a video conferencing solution, be sure to ask if it offers end-to-end encryption. If so, it means that your data will be safe every time you use it.

An overview of video conferencing and collaborative tools

There are a few different ways to secure video conferencing. One way is to use a secure video conferencing service. These services use encryption to keep the conversation private.

TrueConf

Secure Video Conferencing - TrueConf app

TrueConf offers a self-hosted collaboration platform that works without an internet connection on your LAN/VPN network. With TrueConf, you are free to take full advantage of all the benefits that the video conferencing solution offers locally. While all communication, meeting recordings and personal data remain within your company network, under your supervision.

Download for free

Security

In addition to all media streams being AES-256 encrypted and delivered over secure TLS connections, the video conferencing server is located on your company premises. Third-party access to the server is restricted. User accounts are stored securely in your company environment. Only the system administrator has access to the personal data of the users.

TrueConf Server provides multiple security levels: from basic to cryptographically:

Mandatory Authorization:  Unauthorized users cannot access TrueConf Server (except for guests in public conferences) without authorization that always requires users to enter their logins and passwords.

Secure Video Conferencing Settings - TrueConf

Access permissions: You can limit access to your TrueConf Server instance with IP address range or with separate admin accounts. Alternatively, you can provide access to the TrueConf Server control panel only to the computers within your corporate LAN.

Secure Web Conferencing Settings TrueConf

Vulnerabilities

Your server resources are not shared with third-party users or companies, which creates very little chance of accessing your data.

Google Meet

Secure Video Conferencing - Google Meet

Google Meet has similar encryption and performance to Google Hangouts, but it has been built from zero and better suits business environments, allowing up to 250 users to participate in calls. You do not need to sign in to a Google account to join in a meeting. However, you cannot host Google Meet on your own server.

Security

Google Meet is Google’s main video chat tool in the Google Workspace suite. Google Meet has replaced the old consumer version of Google Hangouts. To make their service easier to use with other Google offerings, Meet is linked to your Google account. To protect the data that flows between user devices and Google’s data centers, the company uses TLS and SSL standards for encryption at the transit level. Users can enable two-factor authentication with FIDO-compliant text messages, authentication applications, or security keys.

Vulnerabilities

Google Meet doesn’t support end-to-end encryption. It uses DTLS-SRTP to secure connections between users. Google stores dozens of data on latency and performance (for example, bit rate, estimated bandwidth), meeting participants (for example, meeting organizers, names and IDs of participants, IP addresses), as well as details about the meeting itself, such as the name, date, and calendar ID of the event.

Security researchers recently pointed to a vulnerability in Google Meet’s URL redirection feature, which can lead users to spoofed domains and become victims of cybercrime. If you join a meeting over the phone, the audio is carried over the telephone network and may not be encrypted.

Slack

Secure Video Conferencing - Slack

Slack supports video chat for up to 15 users. Like other Slack services, it is not end-to-end encrypted and requires users to log into their Slack account. It doesn’t support self-hosting options.

Security

Transmission of all data between Slack clients and the Slack service is performed using strong encryption protocols. Slack supports the latest recommended secure encryption suites, to encrypt all traffic in transit, including the use of TLS 1.2 protocols, AES256 encryption, and SHA2 signatures, as long as clients admit it. Data at rest on the Slack production network is encrypted using FIPS 140-2 encryption standards, which apply to all types of data at rest within Slack systems: relational databases, file stores, database backups, etc. All encryption keys are stored on a secure server on a segregated network with very limited access.

Vulnerabilities

If you are going to use Slack for a business purpose, you need to be very clear about the risks involved, as well as the extent to which it can be mitigated.

In 2015 Slack was hacked, revealing breaches in its security. The company announced that for four days its systems had been hacked, compromising some of their users’ data. This included email addresses, usernames, encrypted passwords. Slack also detected some suspicious activity on user accounts, suggesting that at least some accounts were compromised.

Another security breach was discovered in Slack, allowing hackers to remotely exploit a vulnerability in Slack. To change the download location of files sent through Slack, allowing them to inject malware or alter information.

A critical vulnerability in the collaboration application Slack also allowed remote code execution (RCE). Hackers could gain complete remote control over the Slack desktop app with a successful exploit, and therefore have access to private channels, conversations, passwords, tokens and keys and several functions.

Skype

Secure Video Conferencing - Skype

Skype is Microsoft’s consumer video chat application, offering video conferencing for up to 100 persons. With their Meet Now option, Skype allows hosts to invite anyone to join in a meeting without registering to get an account. It is not end-to-end encrypted and cannot be self-hosted.

Security

Skype uses the AES (Advanced Encryption Standard), also known as Rijndael, that is used by the US Government to protect sensitive information, and Skype always used strong 256-bit encryption. Users’ public keys are certified by the Skype server at login using 1536 or 2048 bit RSA certificates.

Vulnerabilities

Skype doesn’t use end-to-end encryption by default. This means that all messages, calls and files can be seen by Microsoft.

  • Microsoft records user interactions, including:
  • Who is calling
  • Time and duration of calls
  • Chat history
  • Files sent and received
  • Telephone numbers called
  • Activity status

Microsoft claims that it also collects data about users from third parties, including data brokers.

Additionally, Microsoft uses personal data for targeted advertising, personalization, research and development, and to improve its products. Your data is shared with Microsoft affiliates, subsidiaries, and vendors. Microsoft can also submit your data in response to a legal request.

You can manage some of the data Microsoft holds about you, but not all, using its online privacy dashboard.

WebEx

Secure Video Conferencing - WebEx

The WebEx video conferencing platform has existed since 1995 and is widely used by privacy-conscious companies, healthcare, information technology, and financial services industries. This is partly because all three sectors used to resort to virtual meetings long before the COVID-19 pandemic, but mostly because WebEx has a reputation for maintaining strong cybersecurity. Cisco, its parent company, is an industry leader in hardware, software and security products for networks.

Security

Like many services, Cisco’s WebEx by default makes user data server-readable, but unlike many of its competitors, it also offers optional end-to-end encryption for up to 200 users. Users with a free account can contact WebEx customer service to activate end-to-end encryption. Although Cisco is phasing out its self-hosted meeting server option, it offers a different product (Cisco Meeting Server) for self-hosted video calls.

Vulnerabilities

Webex has had security issues in the past. For example, flaws in WebEx allowed intruders to have full access to a meeting without being seen. In 2021, multiple vulnerabilities in Cisco WebEx Network Recording Player and Cisco WebEx Player for Windows could allow a hacker to execute arbitrary code on an affected system.

WhatsApp

Secure Video Conferencing - WhattsApp

It is highly likely that you have friends on WhatsApp, as this service has over two billion subscribers. It uses the same encryption as Signal, so it is also end-to-end encrypted. WhatsApp is owned by Facebook and, although it cannot share the content of its conversations, it does share a lot of information with the company. For example, WhatsApp shares users’ contact lists with Facebook, among other things. If you’re comfortable with Facebook, WhatsApp is a reliable way to video chat with a group of up to eight persons. It can’t be self-hosted.

Security

WhatsApp’s end-to-end encryption ensures that only you and the person you are communicating with can read what is sent. Without intermediaries, not even WhatsApp can read the messages. The messages are secure with padlocks and only the recipient has the special key to unlock and read them. WhatsApp uses the Signal protocol developed by Open Whisper Systems.

Vulnerabilities

In January 2021, WhatsApp announced an update to the Privacy Policy that established that WhatsApp would store user metadata and share it with Facebook and its “family of companies” (such as Facebook, Facebook Messenger, Instagram) from February 2021. Previously, users could choose not to share this data, but the new policy removed this option. End-to-end encryption does not work on WhatsApp business accounts. So, what user data will be transferred from WhatsApp to Facebook? For example, the data that WhatsApp can collect includes what mobile device you use, what operating system you use, your time zone, IP address through which your exact location can be tracked (unless if you use a VPN or Tor, which hides your IP address), your profile picture and your status, your phone number, the information about all your contacts that are saved in your WhatsApp, the battery percentage of your device, the power of the network on your device, the version of the application, the browser information, the connection information (including the telephone number, mobile operator or ISP), the language, about and the last time seen.

Zoom

Secure Video Conferencing - Zoom

As the coronavirus pandemic forced millions of people to stay home over the past two months, Zoom became the preferred video meeting service: Zoom’s well-documented track record of security and privacy practices. Security researchers have discovered misleading claims about its encryption, as well as several vulnerabilities that could expose user data. Zoom does not provide self-hosting options.

Security

Video, audio, and screen sharing are protected in transit with Advanced Encryption Standard (AES) 256 using a one-time-key for that specific session when using a Zoom client.

End-to-end Encryption can be enabled. Advanced Chat Encryption, when enabled, allows secure communication in which only the recipient can read the protected message.

Vulnerabilities

Dozens of security and privacy issues have been detected in Zoom. From built-in care-tracking features to the recent rise of “Zoombombing” (in which uninvited persons enter and interrupt meetings, often with hate or pornographic content), the company security practices have called for more attention, along with at least three lawsuits.

Comparison table for secure video communications

TrueConf Google Meet Slack Skype WebEx Whatsapp Zoom

Maximum number of participants

1 000 250 15 (with paid subscriptions) 50 1,000 8 100

Free version

12 usuarios
/anfitriones para reuniones simétricas y colaboración.
Web conference with 1 host, up to 100 participants, no more than 60 minutes per meeting.
Video calls only
Videoconference of up to 50 participants, no more than 4 hours
Video conference of up to 100 participants, no more than 50 minutes
Videoconference of up to 8 participants
Web conferencing with 1 host, with up to 100 participants, no more than 40 minutes.

Security measures

Cifrado TLS + AES de 256 bits, implementación local, operación fuera de línea No end-to-end encryption No end-to-end encryption 256-bit TLS + AES encryption No end-to-end encryption No end-to-end encryption 256-bit TLS + AES encryption

Self-hosted deployment

+

Privacy

Gratuito
Secure Video Conferencing: 7 Best Apps and Best Practices 1
Secure Video Conferencing: 7 Best Apps and Best Practices 1
Secure Video Conferencing: 7 Best Apps and Best Practices 1
Secure Video Conferencing: 7 Best Apps and Best Practices 4
Secure Video Conferencing: 7 Best Apps and Best Practices 1
Secure Video Conferencing: 7 Best Apps and Best Practices 1

Ready for secure video meetings?

Security is an important issue to consider when organizing virtual meetings. Our recommendation is to make sure your video calls and recordings are safe by hosting your video communications platform on your own premises. 

Whether you are researching video conferencing for the first time or re-evaluating vendors for the next phase of your conferencing and collaboration solution, security should always be your highest priority. With the industry’s best security practices, TrueConf video collaboration platform is the most suitable choice for security-conscious companies


Sign up for newsletter