Security online

In an age when organisations likeWikileaks and Anonymous function on the internet, the biggest concern with taking to online services for companies is being hacked. Sensitive information, including but not restricted to trade secrets are often jeopardized and organisations usually go to great lengths to ensure that emails and other internet services are encrypted and protected by a firewall.

The New York Times recently published an article about the lack of safety measures taken by companies that are vulnerable to losses through information leaks. The article explains how companies often set up their videoconferencing so it works outside the firewall to bypass complicated network configurations. Rapid7, a Boston based company that looks for security holes in equipment apparently dialled into several companies’ unguarded, empty meeting rooms.

The article, however, simplifies the issue too much. It’s not that easy to just hack and overhear sensitive information being discussed via videoconferencing traffic online. Here are a few reasons why:

Firstly, as an industry standard, all video conferencing signals are Advanced Encryption Standard (AES) encrypted. A potential hacker would have to hack the encryption to access the audio or video of the call.

The other concern raised by the article that involved no hacking, but simply calling various businesses’ “unprotected” video conferencing lines using their IP address also seems unlikely, since it would mean accessing IP addresses, only numbers and no names. Stumbling blindly through the list wouldn’t really serve the purpose of someone intending to dial into a particular meeting room.

Secondly, while clarity of audio and video at cheap prices has been the focus of development, video conferencing has a history of being used by military organisations and has always been enhanced with security in mind.

Thirdly, and most importantly, the odds of someone hacking into or calling via video conferencing to spy on a confidential meeting completely unnoticed are very low. Most video conferencing equipment usually ring loudly when called, even if they are set to auto answer, thus alerting everyone in the room to the call. It would be pretty impossible for someone to quietly eavesdrop.

Despite the obvious flaws in the arguments raised by the article, for the security conscious, here are a few ways to safeguard themselves.

Firewalls

Like any other IP device, videoconferencing can and should be set up inside a firewall. It does make things a little complicated, but is still usable. Smaller systems may choose to work outside a firewall, but that does leave it open to random calls.

Auto Answer

Most videoconferencing equipment is set to auto answer as a default. While some may choose to turn it off, an alternative may be to leave auto answer on while muting the mic so that someone calling in will not interrupt or overhear an on-going conversation.

Camera Controls

When the system is not in use, it’s advisable to always use the physical lens provided to cover the lens. Even when in use, it can be pointed at a wall or a corner if the meeting room is private. Furthermore far end controls can be disabled so that random callers can’t take a look around a private room by dialling in.

Directory & Password Protection

Do not publish or give out any numbers. If it is being shared, via B2B directories, be certain of how it is being distributed. Videoconferencing can be password protected as well, to prevent unauthorized users from finding your directories.

Meet-Me Rooms

All incoming calls can be directed to a meet me room using a network bridge. If a hacker then dialled in, it would not be to the physical meeting room and their presence would be immediately noticeable.

Videoconferencing can be adjusted to meet different security requirements, and the suggested precautions are simple steps that can be taken at any time to ensure safety.

Author

PriyankaZaveri is a freelance writer, online marketer and SEO consultant. Priyanka writes for many online publications, as well as developing content and articles for a variety of well-established websites. Her latest project is writing informative articles on the subject of virtual assistants and serviced offices for the reputable online agency Your Professional PA.