The increased market demand and attention on video conferencing and collaboration technologies due to the pandemic has created a lot of concern regarding the security and user privacy of these tools.
To address this issue head on, we released a formal statement on BlueJeans’ security practices from our CTO, Alagu Periyannan, outlining the steps we take to secure customer and user data here at BlueJeans and reaffirming our commitment to innovating responsibly and communicating transparently.
We also recently hosted a webinar to further explain BlueJeans’ approach to security and privacy and preview some of our upcoming innovations that will continue to make BlueJeans an exceptionally secure video conferencing platform.
As the webinar highlights, in order to have a secure SaaS product, one must develop a culture of putting security and privacy first from the start. This requires adhering to open source principles—including various encryption standards—to guarantee you’re not cutting corners on security and privacy. These protocols have been time-tested for security to ensure they’re less prone to hacking. They’re in place to help you improve your product and get ahead of the next potential threat.
But beyond that, vendors have a responsibility to educate customers on the security threats that face our digital workplace today and share best practices for how to avoid them. As such, we recently released the “Eight Best Practices for Safe Video Conferencing” guidelines designed to ensure the safety and security of organizations and their people—many of whom may still be adjusting to the new work from home norm:
1. Be careful about sharing your Meeting ID - Though you may want to recruit as many people as possible to your meeting or live event, exposing your Meeting ID on social media, websites or other public forums can attract the wrong kinds of attendees. There are many examples where attendees have shared unsavoury content in ‘all-welcome’ events. Be extra vigilant about this if your meeting involves children. As a minimum precaution we recommend using a One-Time Meeting ID. By not revealing your Personal Meeting ID to the public, your future meetings won’t attract unwanted guests.
2. Always use passcodes - Meeting hosts should apply both moderator and participant passcodes (if available) to heighten meeting security. Moderator Passcodes require the meeting host (or a designated delegate) to enter a unique code to start the meeting. This prevents risky behaviour happening before the host arrives. Participant Passcodes add an additional layer of security, allowing only those with the correct code to join the meeting. Some video conferencing services offer advanced fraud detection to detect and report on repeated login failures and meeting join failures. This helps block the type of malicious intruders who scan for meeting IDs over a set period of time.
4. Keep watch on meeting joiners - Meeting hosts have the ability to track who joins meetings in a variety of different ways, depending on the system they’re using. Most allow the host to set an audible alert to announce when new attendees join. Some also display entry and exit banners with the names of joining attendees on-screen. The host should also view the meeting roster to verify who is on the video conference. If unrecognised or anonymous names are on the list, the host should ask them to confirm their identity by voice or chat.
5. Master the controls - To prevent unwanted participants joining your meeting or event, make sure the system you’re using allows the host to eject or drop a participant and prevent them from re-joining. Some systems also let you lock a meeting once all of the required individuals are present, critical when participants plan to cover sensitive and confidential information. A common problem occurs when a meeting host with back-to-back meetings uses their Personal Meeting ID. One meeting overruns and the participants for the next call join, listening in to the previous meeting. If you expect this to happen, plan in advance and use a One-Time Meeting ID.
Most systems allow hosts to mute the audio and video of some or all participants, and put the meeting in ‘host-only’ mode. This helps keep the group focused and prevents disruptions, including from unwanted guests. Participants that want to ask questions have other options, depending on the system. Some allow people to virtually ‘raise their hands’ then ask questions by voice or chat.
Beware that some platforms enable file transfers which can be conduits for malware sharing. At the least, ensure that meeting hosts can disable ‘file transfer’ to prevent malware being shared.
6. Use live meeting controls for large meetings and events - When companies need to run large meetings or events with more than 25 people, they should invest in systems with appropriate capabilities and security features. Systems designed for larger groups allow hosts to delegate the job of monitoring and controlling the meeting participants, and also moderate question and answer sessions.
7. Use browser-based meetings to avoid download delays - Some platforms require people to install software, delaying meeting start times, and potentially violating corporate policies. If you want to avoid participants having to download software before joining, look for video conferencing providers that support browser-based options that use the WebRTC real-time communications standard, where users can simply click on a link to join a meeting in a web browser.
8. Practice basic security hygiene - According to online security experts Check Point, 90% of cyberattacks start with a phishing campaign. If you receive a link by email or social channels to join a video conference, contact the sender to confirm its legitimacy. Never open links and attachments in emails from unknown senders. Look for the classic clues of cybercrime like spelling errors in URLs and emails.
At BlueJeans, we are committed to protecting our customers' information so that they may stay safe while maintaining secure business operations during this challenging period and beyond—the success of this is dependent on open dialogue and communication. While there will always be more steps one can take to maximixe security, we hope these guidelines will get you off to a good start.