Videoconferencing and Cybersecurity

How to Limit the Risks?


Videoconferencing has become an essential tool for many companies. Its use will likely to continue even after the end of confinement.

Some videoconferencing platforms have attracted a lot of attention because of their security vulnerabilities, and the threats they pose to users’ personal data. We cannot do a specific analysis of each videoconferencing solution, but a series of best practices can be applied on most platforms to reduce the risks.

There are mainly three types of risks:

  • The main risk to be covered is a data leak by passive and unauthorized listening to confidential discussions.

  • Risks linked to an invasion of privacy following improper use, configuration, or software flaws allowing, for example, taking control of the organizers camera without his knowledge, recording the call or even sending data from user accounts to third parties without authorization…

  • Documents, presentations, notes, and other chat messages exchanged (in addition to voice) which may contain sensitive information and which may be found on uncontrolled servers.

General Recommendations

  • A unique password for each meeting must be defined and provided to all guests.

  • If you do not have a password, use the ‘waiting room’ function to filter meeting participants.

  • The audio connection options must be configured so that the organiser is informed of the arrival of participants.

  • The organiser of a videoconference must ensure that the right people are invited and present in the meeting. Guests should not send these invitations to other people.

  • In the administration console, it is preferable to configure that recording sessions are prohibited.

  • Administrators should not disclose reports on user activities.

  • After use it is preferable to close the session.

  • It is advisable to ‘hide’ the webcam when it is not in use.

  • Screen sharing options must be set correctly to avoid unwanted screen sharing with the group. Normally, only the organisers or presenters of the meetings should be able to share their screen.

  • File sharing and note sharing options should be restricted to avoid storing sensitive information on uncontrolled servers.

Specific Recommendations

Depending on the circumstances, certain functions can be activated or deactivated. Better to think about it before the meeting, to adjust these parameters most appropriately, according to the needs of the different phases of the meeting. This will enhance both the comfort and the security of your meetings.

  • Video: Hosts should be able to turn off invitees’ video. This will allow hosts to block unwanted, distracting, or inappropriate gestures during videoconferencing.

  • Mute participants: Hosts can mute/reactivate individual participants or all of them at the same time. Hosts can block unwanted, annoying, or inappropriate noise from other attendees. While invitees are entering the conference, hosts can activate the mute function in their settings to keep the noise levels at bay during large meetings.

  • File transfer: Meeting file transfer allows people to share files via meeting chat. This option can be disabled to prevent the chat from being bombarded with unsolicited photos, GIFs, memes and other content.

  • Annotations: You and your participants can scribble and annotate content together using annotations during screen sharing. You can turn off the annotation feature in your settings to prevent people from writing on all screens.

  • Private chat: Most platforms offer meeting chat for everyone or participants can send messages to each other in private. You can limit participants’ ability to chat with each other while your event is taking place and reduce distractions. This will prevent everyone from receiving unwanted messages during the meeting.

Between Two Videoconferences…

  • Like all software, videoconferencing platforms must be updated regularly. Follow up as necessary.

  • Phishing campaigns using the Covid-19 theme or referring to videoconferencing have multiplied in recent days. The greatest caution is advised before opening an email which source is uncertain.