April 6, 2020

Securing Data on Video Conferencing Platforms in a Remote Work Environment

Securing Data on Video Conferencing Platforms in a Remote Work Environment

In recent days, organizations across a range of sectors and industries have been requiring employees to work from home. Since online meetings now enable these newly-dispersed teams to collaborate, it makes sense that video conferencing tools like Zoom, Microsoft Teams, and Cisco Webex are seeing huge spikes in usage.

Unify Cloud, Endpoint and BYOD Data Protection

The mass adoption of such video conferencing and collaboration tools raises new questions, however. Leaders may need to re-examine the tools and business processes that have been put in place to ensure security. These applications allow users to share files and record conversations, which means they could potentially become a source of data leakage. It’s essential for leaders to develop safeguards that protect confidential information discussed on these platforms. This includes trade secrets, intellectual property (IP) and data subject to regulatory compliance concerns.

As with any cloud-based application, securing video conferencing platforms comes down to understanding how people use them. Businesses must apply security policies and protocols in ways that support effective collaboration while mitigating risky behaviors—and enhancing visibility so you can monitor and control file movement and prevent unauthorized users from connecting.

Here are some steps you should take to secure data when employees are using videoconferencing solutions:

Keep tabs on access

It’s critical to monitor which corporate IDs are logged into your instance, and which additional tool sets are attached to it. Security and IT should mandate that all business communications take place over corporate licensed instances rather than free accounts anyone can use. 

Consider enhancing your web security with a solution that gives you visibility into which employees are accessing Zoom or other videoconferencing tools. The Forcepoint Web Security Cloud includes a Shadow IT feature that enables discovery of cloud applications being used within your organization. For more comprehensive protection, you can add full Cloud Access Security Broker (CASB) capabilities, which provide visibility and control across all cloud applications your organization is accessing--whether they’re sanctioned or not.

Educate users on how to control access to meetings

It’s important to ensure meetings include only the people who are supposed to be attending. Most video conferencing applications allow users to create a specific meeting ID that can be reused for general meetings. But in cases where meetings have large numbers of attendees, encourage employees to create unique meeting IDs. Beyond that, video conferencing apps allow different ways to control who attends. Make sure employees are aware of features like waiting rooms, how to disable video sharing and how to mute participants as a group or at the individual level. Show employees how to require passwords for participants to join sensitive meetings. Over the weekend, Zoom enabled waiting rooms by default and also now requires passwords for meeting rooms. Other vendors may follow suit, but it’s worth either controlling those settings as an admin or at least make sure users understand how those features work. 

Set controls to restrict the movement of call recordings

Most videoconferencing applications allow users to record meetings.  And they usually allow a user to store the recording on to the local endpoint device that hosted the meeting or to a location on the cloud. If a user chooses to save meeting recordings to the local machine, you can create a policy within your Data Loss Prevention (DLP) solution--if you have one in place--that automatically limits the movement of that type of file using file fingerprinting. These controls prevent certain types of files from being moved off the endpoint device or across the network.

Limit file sharing in chat to keep sensitive data safe

Whether your sensitive information is source code, technical product specifications, personally identifiable information (PII) belonging to customers or employees, or protected health information (PHI), it’s ideal to have visibility into and control over its movement. Putting data protection policies in place that restrict or prohibit sensitive data movement can limit its sharing in chat, or keep it out entirely. 

Mind the meeting transcript

Many video conferencing solutions can transcribe audio recordings. If you enable this functionality at an admin level, users can opt to receive audio transcripts of meetings they record. Forcepoint DLP can protect this file just as reliably as it would if it were saved to a local device, preventing exfiltration and enabling your team to enforce unified policies across cloud locations where these files are stored and your on-premises environment.

Video conferencing applications are a powerful productivity tool that can bring remote teams together and foster collaboration. Ensure your employees can use them securely by monitoring access, ensuring employees know how to control meeting participant access and implementing solutions that prevent data leakage and alert you to anomalies and risks. This will help you empower collaboration while keeping sensitive data safe and private.

Scale your security strategy to protect people and data wherever work happens—learn more here

About Forcepoint

Forcepoint is the leading user and data protection cybersecurity company, entrusted to safeguard organizations while driving digital transformation and growth. Our solutions adapt in real-time to how people interact with data, providing secure access while enabling employees to create value.