For millions of people, it’s not a workday without it — video conferencing. And plenty of business gets done that way, which has made conferencing a target for hackers. That then begs the important question, how secure is video conferencing?
The answer is pretty secure if you’re using a reputable service. Yet you can take further steps to keep hackers and party crashers out of your meetings.
Why would someone want to crash your meeting?
Hackers and party crashers are likely motivated by one of two things: financial gain or mischief.
Given that some meetings involve confidential or sensitive info, someone might have financial motivation to join in, spy on, or record the meeting. Recently, we saw the lengths at least one AI company went to when it spied on a competitor’s video conference call.[i]
And of course, some bad actors want to cause a disruption. As we saw in recent years, they’ll barge right into a meeting and create a ruckus with rude speech and other antics.
Falling somewhere in between, some hackers might try to intrude on a meeting and slip a malware-laden attachment into chat.[ii] For one, that can lead to a major disruption. And in a business context, financial disruption as well.
How do they pull it off? The typical avenues of attack apply. They might use stolen or hijacked accounts. The meeting was inadvertently set to “public,” allowing anyone with a link to join. Otherwise, they might compromise a victim’s device to piggyback their way in.
How to protect your video calls
Use a service with end-to-end encryption.
Put simply, end-to-end encryption provides a solid defense against prying eyes. With it in place, this form of encryption makes it particularly difficult for hackers to tap into the call and the data shared within it. Secure video conferencing should use 256-bit AES GCM encryption for audio and video, and for sharing of screens, whiteboard apps, and the like. On a related note, read the service’s privacy policy and ensure that its privacy, security, and data measures fit your needs.
Make your meetings private and protect them with a password.
Keep the uninvited out. First, setting your meeting to private (invitees only) will help keep things secure. Some apps also provide a notification to the meeting organizer when an invite gets forwarded. Use that feature if it’s available. Also, a password provides another hurdle for a hacker or bad actor to clear. Use a fresh one for each meeting.
Use the waiting room.
Many services put attendees into a waiting room before they enter the meeting proper. Use this feature to control who comes in and out.
Block users from taking control of the screen.
Welcome or unwelcome, you can keep guests from taking over the screen. Select the option to block everyone except the host (you) from screen sharing.
Turn on automatic updates on your conferencing app.
By turning on automatic updates, you’ll get the latest security patches and enhancements for your video conferencing tool as soon as they become available.
Get wise to phishing scams.
Some interlopers make it into meetings by impersonating others. Just as bad actors use phishing emails and texts to steal personal financial info, they’ll use them to steal company credentials as well. Our Phishing Scam Protection Guide can show you how to steer clear of these attacks.
Use online protection software.
Comprehensive online protection software like ours can make for safer calls in several ways. For one, it protects you against malware attacks, such as if a bad actor tries to slip a sketchy download into your meeting. Further, it includes a password manager that creates and stores strong, unique passwords securely. This can help increase the security of your video conferencing account.
Also, get wise to AI deepfakes on video calls
This is a new one. AI deepfake technology continues to evolve, we find ourselves at the point where scammers can create AI imposters in real time.
We’ve seen them use this technology in romance scams, where scammers take on entirely new looks and voices on video calls. And we’ve seen at least one group of scammers bilk a company out of $25 million with deepfaked executives on a call.[iii]
Strange as it might sound, this kind of deepfake technology is possible today. And realizing that fact is the first step toward prevention. Next, that calls for extra scrutiny.
Any time-sensitive info or sums of money are involved, get confirmation of the request. Place a phone call to the person after receiving the request to ensure it’s indeed legitimate. Better yet, meet the individual in person if possible. In all, contact them outside the email, message, or call that initially made the request to ensure you’re not dealing with an imposter.
The safer video conference call
With the right provider and right steps in place, video calls can be quite secure. Use a solution that offers end-to-end encryption, keep your app updated for the latest security measures, and lock down the app’s security settings. Also, recognize that AI has changed the way we look at just about everything online — including people on the other side of the screen. As we’ve seen, AI imposters on calls now fall into the realm of possibility. A costly one at that.
[i] https://www.nytimes.com/2023/08/07/technology/ai-start-ups-competition.html
[ii] https://www.pcmag.com/news/hackers-circulate-malware-by-breaking-into-microsoft-teams-meetings
[iii] https://www.cnn.com/2024/02/04/asia/deepfake-cfo-scam-hong-kong-intl-hnk/index.html
