With virtually every business shifting to remote work almost overnight, the popularity of video meetings has exploded. Not only have companies had to shift all their face-to-face discussions online, but video meetings have also surged as employees suddenly discovered the need to feel connected in ways that phone calls and text messages simply can’t provide (virtual happy hour, anyone?).
Of course, that kind of rapid popularity often brings with it a spotlight. Given that many online meetings involve confidential information, it’s natural that companies want to ensure that their meetings remain secure from unwanted participants and unwanted activity.
Fortunately, options exist to combat security threats. Many of these options center on two key themes: finding a video meeting solution with the security features necessary to safely moderate meetings, and using best practices for hosting and conducting meetings. Let’s take a closer look at a few important questions to ask yourself to ensure that your company keeps its video conferences secure.
1. How do you prevent unwanted attendees in video meetings?
Given the confidential nature of many business meetings, it’s important to ensure that unwanted guests can’t attend video discussions. Fortunately, there are ways for you to protect your meetings from unwanted visitors:
- Use a password for your video conference, which remains the single most effective way to prevent intruders. Be sure your video conferencing solution includes the ability to create passwords for your meetings. Unless you specifically want your meeting to work otherwise, make passwords mandatory for all attendees.
- Only send meeting links to people you want to attend the meeting and do not publish meeting links on social media.
- Some meeting solutions offer an option to allow participants to join the meeting before the host. Use this option cautiously.
- Lock meetings after all participants have arrived.
- After attendees have joined, take a minute to verify your participants on the call. To be safe, if you don’t recognize a name or a caller ID, just ask.
2. What are your provider’s data encryption standards?
Overall, be sure you’ve carefully examined your provider’s data encryption standards. In particular, look at how their solution encrypts data both in transit and at rest. For data in transit, key protocols include Transit Layer Security (TLS), Session Initiation Protocol (SIP) over TLS, Secure Real-Time Transit Protocol (SRTP), and WebRTC (Real-Time Communications). For data at rest, look for Advanced Encryption Standard (AES) with 256-bit keys.
3. Has your video meeting solution been audited for security?
Third-party audits are an indication of a company’s security maturity, their commitment to verifying their security controls, and their transparency with customers. There are several third-party audits to look for when evaluating video meeting solutions:
- SOC2 and SOC3: These validate that service operations controls regarding security, availability, and confidentiality are operating effectively.
- HIPAA, FINRA, and HITRUST: Highly regulated industries, such as healthcare and finance, have specific regulatory requirements when it comes to security. HIPAA, FINRA, and HITRUST audits help customers understand how their provider addresses these requirements. These types of audits are a good indication that a provider understands customer needs in these specific areas.
4. How is your provider handling its cloud security?
Cloud security refers to how your provider protects its cloud infrastructure, back-end communications platform, service environments, and service operations. Transparency from your provider is a must. Key components of a strong cloud security posture include:
- Multi-layered security that consists of border defenses, multi-factor access controls, cloud security infrastructure, host-level defenses, security telemetry, and monitoring
- Operational security practices that your provider audits regularly
- Dedicated security personnel. Does the provider have dedicated teams for a variety of security roles, such as security infrastructure, application security, security data analytics, and detection and response?
5. How are security measures built into your video meeting solution?
In addition to the security of its cloud infrastructure, providers need to build strong security measures into their applications, as well. Here’s what to look for:
- Internal and external expertise: Your provider should have strong internal and external expertise evaluating each release of its product, with testing that uses both automated and manual methods.
- Secure software development practices: A strong provider will use multiple secure software development practices throughout different phases of software development.
- Penetration testing: External perspectives by qualified testing firms are an important product security testing activity.
6. What is your provider’s security culture?
More than any of the specific technologies and processes described above, the mark of a secure software provider is best reflected in how embedded security is in the culture of the company. That can be a difficult attribute to measure, but consider these elements:
- How long has your provider been building secure cloud products? More experience often leads to better results.
- Ask your provider point-blank to describe their security philosophy, then listen for how passionately the company describes its approach to the following:
- Embedding security principles into product development activities, infrastructure, and service operations
- Engaging with independent third-party experts to test security measures and recommend best practices
RingCentral’s vision of security emphasizes the importance of both internal and external perspectives. We undergo frequent and proactive testing, assessments, and third-party security audits throughout the year to give our customers assurance that controls are operating effectively for various environments.
RingCentral Video, our video conferencing solution, is built with security in mind, leveraging open standards such as WebRTC and supporting meeting attendance without the need to install any software. You can learn more about RingCentral Video by checking out our video below. Click here to get a demo today.
Originally published Apr 30, 2020, updated Oct 19, 2020