Video conferencing platforms have become an essential communication tool over the past year. In addition to increasing team collaboration, video conferencing can help prevent miscommunication among teams, increase engagement, and allow for face-to-face communication to help build relationships among teams, particularly for remote teams. Though the benefits are many, there are growing concerns about the security shortcomings of video conferencing, according to George Waller, EVP and Co-Founder of StrikeForce Technologies. To get more insight on this topic, we spoke to Waller about key challenges with securing video conferencing platforms, as well as why these services are so susceptible to hacking.
Security: What is your background and current role with Strikeforce?
Waller: I would consider myself both an entrepreneur and a technologist at heart, and have spent the majority of my decades long career working in the tech industry building computer systems. My passion is in developing market-changing software and platforms that helps keep users and their systems secure. Currently I am EVP and co-founder of StrikeForce Technologies, a cybersecurity tech company that helps organizations and businesses prevent damaging data breaches and instances of cyber theft. Millions of users worldwide have downloaded our software, and our company played a pivotal role in pioneering the creation of two of the most widely used cyber security technologies: “Out of Band” authentication and keystroke encryption.
Today, our technologies are widely used in the marketplace across sectors like banking, healthcare, education, manufacturing and government. We are now taking all of our cybersecurity solutions and security expertise into the growing video conferencing space.
Security: Let’s discuss the rise of video conferencing during the pandemic. Are there privacy and cybersecurity vulnerabilities with video conferencing services?
Waller: When COVID-19 hit, the business world had to quickly pivot into a new remote work paradigm. Many started heavily relying on platforms like Zoom, MS Teams, WebEx and others to help solve this immediate problem. But this increase in video conferencing meetings has also paved the pathway to the rise in cyberattacks and cases of ‘zoom bombing’ that are making headlines daily. It’s reached a point to where even the U.S. government has issued warnings to the public about the potential cyber dangers of video conferencing, telling people to be cautious of suspicious activity from cybercriminals looking to breach these platforms and do some serious damage.
Existing conferencing solutions have proven time and time again to be vulnerable in protecting users during their video sessions, it seems that every one of the existing video conferencing platforms are fighting for the spot of least secure platform. This is because the companies that built these systems are video conferencing companies, not, cybersecurity companies. They built systems with one simple goal, to allow people to see & hear each other. Because of that, these systems are seriously flawed. If you have a dam that keeps cracking and springing leaks, the problem is not the leaks, the problem is the dam. You can’t just stick a cyber band-aid on a system and expect it to be secure if it wasn’t designed with cybersecurity as a core tenet.
Security: Will privacy and cyber issues increase as video conferencing platforms become more prominent tools in our lives?
Waller: A mixture of remote work and the physical workplace will likely be a permanent fixture, and since none of the existing video conferencing platforms were not designed to protect the user, or their data, privacy and data breaches will continue to rise. Hackers follow the money trail, and since hacking has become so lucrative, those existing fatally flawed systems are just a breach waiting to happen. The reality is, there are numerous attack vectors and daily vulnerabilities i.e. a zero-day, that are designed to easily bypass our existing anti-virus software and compromise our devices. In addition to the data loss, breaches spell disaster for heavily regulated and compliant industries in the form of massive fines. As a result of these vulnerabilities, we are now seeing a hard shift in government organizations and enterprises to look for cyber-secure video conferencing platforms.
Security: How can video conferencing vendors build platforms with security and privacy as the leading priority?
Waller: The first item that vendors need to understand is about security layering, you can’t lock your front door and leave your windows wide open and think you're safe, it doesn’t work like that.
Almost every vendor on the market (other than us) requires you to download desktop client software, while convenient, it is a very bad idea from a security perspective. The reason being is that the desktop client can easily be exploited by hackers to steal your video stream, your microphone stream, and your audio-out stream. Additionally, that desktop client can be used to capture your keystrokes, clipboard and take unwanted screen shots.
Once their exploitable desktop client is removed from play, vendors need to implement best-practice security guideline recommendations. But even those aren’t strong enough to thwart some of today's sophisticated attacks. You cannot design a secure system without having strong two-factor Out-of-Band authentication, you also need to layer in the concept of an authorized user, and you need the ability to authenticate corporate users with fingerprint and/or facial recognition.
Desktop protection, it’s so important! You cannot just rely on anti-virus software to keep you safe. When choosing a video conferencing vendor you need to make sure that the vendor can protect the following, your camera, microphone, audio-out speakers, your keyboard, clipboard and from unwanted screen shots. The vendor's solution should also protect you when you're using other video conferencing solutions and it should protect your computer's keyboard and clipboard all the time, not just when you’re on a video conference.
Security: What are some general video meeting security best practices for business and consumers?
Waller: As for best practices when using video conferencing tools, first and foremost if you don’t feel secure, don’t share any information that may put you at risk - whether that’s intellectual property, PII, or heck, even pictures of your kids, if you wouldn’t walk around in public showing that type of information, it’s not safe to broadcast over video either. On top of that, it’s the little things that can make a big difference. Always password protect your meetings, never use a personal event link for a public facing meeting, and ensure your service provider encrypts all audio and video transmission - just following these simple tips can help mitigate some of the many attack tools that hackers have at their disposal.