5 Ways to Secure Data on Video Conferencing Platforms in a Remote Work Environment

Recently, organizations across a range of sectors and industries have begun requiring employees to work from home. Since online meetings now enable these newly-dispersed teams to collaborate, it makes sense that video conferencing tools like Zoom, Microsoft Teams, and Cisco Webex are seeing huge spikes in usage.

However, the mass adoption of such video conferencing and collaboration tools raises new questions around security. Leaders may need to re-examine the tools and business processes that have been put in place to ensure security. These applications allow users to share files and record conversations, which means they could potentially become a source of data leakage. It’s essential for leaders to develop safeguards to protect any confidential information discussed on these platforms. This includes trade secrets, intellectual property (IP), and data subject to regulatory compliance concerns.

As with any cloud-based application, securing video conferencing platforms comes down to understanding how people use them. Businesses must apply security policies and protocols in ways that support effective collaboration while mitigating risky behaviors—and enhancing visibility so you can monitor and control file movement and prevent unauthorized users from connecting.

Here are five steps you should take to secure data when employees are using video conferencing solutions:

1. Keep tabs on access

It’s critical to monitor which corporate IDs are logged into your instance and which additional tool sets are attached to it. Security and IT should mandate that all business communications take place over corporate licensed instances rather than free accounts anyone can use.

Consider enhancing your web security with a solution that gives you visibility into which employees are accessing Zoom or other video conferencing tools. The Forcepoint Web Security Cloud includes a Shadow IT feature that reveals cloud applications being used within your organization. For more comprehensive protection, you can add full Cloud Access Security Broker (CASB) capabilities, which provide visibility and control across all cloud applications your organization is accessing—whether sanctioned or not.

2. Educate users on how to control access to meetings

It’s important to ensure meetings include only the people who are supposed to be attending. Most video conferencing applications allow users to create a specific meeting ID that can be reused for general meetings. But in cases where meetings have large numbers of attendees, encourage employees to create unique meeting IDs. Beyond that, video conferencing apps allow different ways to control who attends. Make sure employees are aware of features like waiting rooms, how to disable video sharing, and how to mute participants as a group or at the individual level. Show employees how to require passwords for participants to join sensitive meetings. Zoom now enables waiting rooms by default and requires passwords for meeting rooms. Other vendors may follow suit, but it’s worth either controlling those settings as an admin or at least making sure users understand how those features work.

3. Set controls to restrict the movement of call recordings

Most videoconferencing applications allow users to record meetings. And they usually allow a user to store the recording on the local endpoint device that hosted the meeting, or in the cloud. If a user chooses to save meeting recordings to the local machine, you can create a policy within your Data Loss Prevention (DLP) solution—if you have one in place—that automatically limits the movement of that type of file using file fingerprinting. These controls prevent certain types of files from being moved off the endpoint device or across the network.

4. Limit file sharing in chat to keep sensitive data safe

Whether your sensitive information is source code, technical product specifications, personally identifiable information (PII) belonging to customers or employees, or protected health information (PHI), it’s essential to have visibility into and control over its movement. Putting data protection policies in place that restrict or prohibit sensitive data movement can limit users from sharing data in a chat, or keep it out entirely.

5.  Mind the meeting transcript

Many video conferencing solutions can transcribe audio recordings. If you enable this functionality at an admin level, users can opt to receive audio transcripts of meetings they record. Forcepoint DLP can protect this file just as reliably if it were saved to a local device, preventing exfiltration and enabling your team to enforce unified policies across your on-premises environment and any cloud locations where these files are stored.

Video conferencing applications are powerful productivity tools that can bring remote teams together and foster collaboration. Ensure your employees can use them securely by monitoring access, ensuring employees know how to control meeting participant access, and implementing solutions that prevent data leakage and alert you to anomalies and risks. This will help you empower collaboration while keeping sensitive data safe and private.

It’s up to you to scale your security strategy to protect people and data wherever work happens. And Forcepoint is here to help. Visit us to learn more about what you can do now to protect your remote work environment.