What is Your Video Conferencing Security Policy?
The high-profile hacking of a Canadian political party videoconference in 2016 was a wake-up call. The hacker eavesdropped on a video conference, then contacted a news organization. No actual harm was done, but it highlights the need for security protocols.
A STARTING POINT FOR SECURITY
We can help our customers establish a strong video conferencing security policy through:
- System audit services – Video conferencing systems don’t age well. While there is a certain amount of maintenance we can recommend, old systems eventually need to be replaced. Audits and upgrades are a standard part of our service program.
- Provide a domain-based approach – Domain-based security enables the system administrator to control access to video conferences through various levels of permission. Without the permissions, access will be denied. This is one of many systems we can put in place to thwart potential security breaches.
FURTHER BEST PRACTICES
Beyond the audit and domain approach there are a number of other best practices for helping clients develop excellent video conferencing security policy:
- Establish a BYOD (bring your own device) policy – Allowing employees to use their own devices can improve employee productivity and happiness. However there are security considerations. We help clients navigate a comprehensive policy to guard against attacks via employee owned devices.
- Secure networks and devices – Transferring sensitive information across unknown or unsecured networks is a dangerous practice. For instance, any device connected to a company’s network should be identifiable and authorized for access. In doing so, their network will instantaneously become safer.
- Staff Training – A system of security protocols and device update protocols should be established and enforced. We offer a system of reminders and training as part of our service program.
If your work takes you into the healthcare industry, staying compliant with privacy regulations is something you need to understand.
Canada’s federal law, the Personal Information Protection and Electronic Documents Act (PIPEDA), is a compliance standard that provides patients with the same level of privacy and confidentiality required for in-person visits. It is comparable in many ways to the Health Insurance Portability and Accountability Act (HIPAA) in the United States. Regardless of what industry you are in, PIPEDA is a good standard to follow when it comes to storage and dissemination of video materials.
Best practices for PIPEDA compliant video conferencing include:
- Use encryption and other security precautions such as authentication, access auditing and reporting, well-defined per-user access controls, etc.
- Secure prior approval for video transmissions. A video service provider cannot store video transmissions without explicit approval of the client.
- Consider a business associate agreement (BAA). Depending on the nature of the service provided, a good safeguard to ensure that there is an unbroken chain of responsibility for any information that may be “touched” by a vendor and/or service provider is to implement a standard agreement that all parties are required to sign.
Whatever sector our clients serve, a comprehensive video conferencing security policy is something they need, even if they are not aware of the need. With input and direction from our team of experts, systems will be more secure, staff will be better educated and security breaches can be prepared for and avoided.
Video conferencing enables teams and individuals to connect and collaborate no matter their location. If you’re using video conferencing to discuss sensitive information or business, it’s imperative to ensure the proper security measures are in place.