Best practices for video conferencing security


Share

By Niall Browne, SVP and CISO at Palo Alto Networks

The surge in video conferencing use during these challenging times shows us the power of community and being connected digitally. Video conferencing lets us share what’s important to us in realtime and to solve problems together without having to be physically present in one location. 

At Palo Alto Networks, we have embraced video conferencing to strengthen our channels for connecting with and supporting our customers, to transform how we lead and work together – and to protect our company from cybersecurity threats. 

Video Conferencing Security Risks

Here are a few risks that we’ve observed to date, and how organizations can take steps to address them: 

Meeting Bombing – In this type of attack, an uninvited guest joins a video conferencing meeting either to listen in on the conversation or to disrupt the meeting by sharing inappropriate media. These incidents are possible when:

  • You do not require a password.
  • The attacker is able to discover or guess the meeting ID, known as war dialing. War dialing software makes it possible for the attacker to find out the meeting ID, as well as information about the meeting including the meeting name and the meeting organizer.
  • Malicious Links in Chat – Once attackers gain access to your meeting room, they can trick participants into clicking on malicious links shared via the chat, allowing attackers to steal credentials. This reinforces that it’s more critical than ever to require passwords for all meetings.
  • Stolen Meeting Links –To avoid unauthorized access to your meetings, turn on notifications that will let you know when someone has joined your meeting room without you. Or better yet, don’t allow others to join your meeting before you do by disabling “Join Before Host.”
  • Data Shared With Third Parties –SaaS security solutions, like Prisma SaaS, automatically detect and remove the sharing of files that have confidential or personal information. For non-SaaS services, it’s important to have data protection agreements in place with third parties that address appropriate security controls; for example, data encryption, role-based controls for authorized users to access, etc.
  • Malware or Zero Day Attacks – When it comes to zero-day attacks, legacy anti-virus software is no match. You will need to protect from malicious activity by layering security at the endpoint and in the network.

Protected by the Security Cloud

Palo Alto Networks is helping customers create video conferencing Indicators of Compromise (IOCs). We have the ability to see threats ahead of the curve, and with the power of the cloud, we can instantly share this knowledge with our 70,000+ customers.

Many of our customers have proactively reached out to share security best practice stories and what has worked during these challenging times. This allows Palo Alto Networks the unique opportunity to help protect customer endpoints as well as video conferencing and internet traffic, using Cortex XDR and Prisma Access. This 360-degree security view of endpoints and traffic has been key to helping protect our customers against video conferencing threats, while ensuring that companies can continue to collaborate and maintain critical human contact as they rapidly scale a remote workforce. 

 Video Conferencing Security Tips

Leave a reply