Video collaboration and cyber security: when talking about the security of business meetings online, it’s a question of the company's overall cyber security.

Cyber security alert: Has your company ensured the cyber security of video collaboration?

Executive Insight 07/2023, 5 min read

“Executive management should pay attention to cyber security. Are you confident your company has ensured adequate cyber security safety measures when using public cloud-based video conferencing solutions?” asks Pasi Mäenpää, CEO, Elisa Videra. In relation to cyber security in video collaboration, companies and authorities tend to wear rose-tinted glasses or they turn a blind eye to threats.

Companies tend to have an almost naive trust in the security of holding public cloud-based video conferences, especially in relation to how security classified materials are being handled and shared in meetings. They appear to be oblivious to the constant surveillance and spying carried out by the states and corporate industrial espionage.

Due to wars, global competition and espionage, cyber security threats are constantly increasing. Energy companies that use nuclear power or the automotive industry engaged in global competition must surely not be interested in sharing their business-critical information. However, it still happens, and all the time.

There is no room for such naivety anymore.

Hijacking is one of the most common cyber security threats

The current increase in cyber security risks is facilitated by the fact that the security of video conferencing does not solely depend on the chosen collaboration solution itself but on the competence of the people using the solutions.

A few years ago, a Belgian reporter was able to hack an EU Council meeting – with classified documents on the agenda – because some of the meeting login information was shared via the Twitter account of one of the defence ministers attending the meeting. The case serves as a perfect example of one of the most common cyber security risks: unauthorised access to video conferences, or hijacking.

Hijackers typically join a conference to eavesdrop on sensitive information or disrupt the meeting when meeting links or access credentials have been shared carelessly. The risk could be mitigated through systematic security measures and by educating employees on cyber security best practices, such as limiting the use of personal social media accounts on work devices or sending meeting links only in company emails, and never via the open internet so that anyone who gets access to the link can’t access the meeting. Conference PIN codes are of no help if they are not required or come attached with the meeting link.

People’s awareness of the cyber security hazards concerning video collaboration hasn’t really grown despite the fact that after the COVID-19 pandemic everyone is now using public cloud-based video collaboration solutions like Teams, Zoom and Webex. Even though these solutions can be trusted to be secure as such, the risks materialise if organisations believe they can get away without paying special attention to the information ecosystems, devices and users connected to them.

Cyber security blind spots

The security of online business meetings is all about a company's overall cyber security. Even if a company's internal security measures are at a good level, devices like Wi-Fi printers at employees’ homes are typically outside the company's firewall and, therefore, not completely protected. Endpoint vulnerabilities and employees working from home pose a cyber security risk that should be taken into consideration.

In addition to hijacking and endpoint vulnerabilities as some of the biggest cyber security risks, inadequate encryption also poses risks.

One solution to this is end-to-end encryption that encrypts not only the video itself but also the data that is used and shared in the conference. Screen sharing, recording and storage are also risk factors for leakage and unauthorised usage of sensitive information if not properly secured and configured.

In relation to cyber security and video collaboration, companies and authorities tend to wear rose-tinted glasses or they turn a blind eye to threats. One typical blind spot is failing to recognise the types of business critical information that could be harmful in the wrong hands – be it from the point of view of industrial espionage or causing losses, or from the point of view of surveillance by other states. Especially when handling classified information such as personal and patient data, military service and location information, business transactions and acquisition plans and different product development matters, organisations should carefully consider the use of cloud-based video conferencing and, at least, have an on-premises video collaboration platform in reserve.

Ask yourself (or your company CIO) the following questions

My advice for everyone using public cloud-based video collaboration solutions is that cyber security risks are real and possible and should be taken very seriously. Even if your company manages and monitors information security sufficiently, it is worth asking how users behave. At the very least, the risks should be reviewed and analysed.

Ask yourself – or your company CIO – if it is safe to use the public cloud in your company’s business critical video collaboration or should you at least handle some of that collaboration through highly secure on-premises platforms.

Ask how you can secure the participation of remote users in meetings when working from home or abroad, and how to protect those users when they join a meeting over the open internet.

What business critical information does your company have that cannot be risked, and what you would want to protect or keep secret from others at any cost?

Also ask how you can ensure your data is protected and files remain safe on computers.

There are no excuses to ignore these known threats. It’s the task of company management to authorise and challenge those responsible for information security, and demand highly secure solutions and practices for video conferencing. Don't be fooled into thinking that your IT has already taken care of all possible cyber security issues or that no one is really that interested in your business. Believe me, many are!

Key points

Due to wars, global competition and espionage, cyber security threats are constantly increasing.
One of the most common cyber security risks is unauthorised access to video conferences, or hijacking. This is where hijackers typically join a conference to eavesdrop on sensitive information or disrupt the meeting when meeting links or access credentials have been shared carelessly.
Endpoint vulnerabilities, inadequate encryption and screen sharing and recording also cause risks of leakage and unauthorised usage of sensitive information.
These risks could be mitigated through systematic security measures and by educating employees on cyber security best practices, such as limiting the use of personal social media accounts on work devices or sending meeting links only via company emails.
A company’s executive management should challenge those responsible for information security and demand highly secure solutions and practices for video conferencing when handling business critical information or personal data.

Pasi Mäenpää

Chief Executive Officer at Elisa Videra and Executive Vice President, New Business Development, at Elisa Corporation

Pasi is the CEO of Elisa Videra and Executive Vice President, New Business Development, at Elisa Corporation. In his current role, he leads Elisa Videra’s global expansion in managed visual communications business. As a member of Elisa’s Executive Management Board, he participates in corporate strategy development, strategy execution follow-up and new business development initiatives.

Prior to his current role, Pasi worked as the General Manager for Cisco Systems in Finland and the Baltics, Regional General Manager for Netigy Corporation in Northern and Central Europe, Vice President of Sales for Fujitsu TeamWare Group in Europe and USA, and held various Director positions at Oracle Corporation in Finland, Austria, the Baltics, Switzerland, UK, and Eastern Europe.

Pasi holds a Datanomi diploma in Information Technology and Business Administration from Helia University of Applied Sciences and an MBA in International Business Management from Henley Management College, Brunel University London.

Valtori selected Elisa Videra to provide the the Central Government video conferencing services

Governmental administration has exceptionally high requirements for information security in all areas. When Valtori, the government ICT Center in Finland needed to renew their video conferencing services and their offering for clients, ensuring information security was a key factor in the project.

“The top leaders of governmental administration in Finland are using Valtori’s services. One of the goals was therefore to have a security level 4 classified service that enables handling of important matters according to each governmental organisations’ current needs.” Explains Antti Närhinsalo, Product Manager, Valtori.

read the article

Make the most of your collaboration solutions.

Elisa Videra has extensive experience in helping companies improve the cyber security of their cloud-based video collaboration solutions and helping authorities build highly secure video networks.

We listen. We deliver. We keep it running.

Services Built for Video Collaboration

Service prerequisites and assessments
Elisa Videra Advisory and Design Services take care of the security aspects, network and platform compatibility assessments, solution design and planning the implementation of the solution to help anticipate and prevent possible issues with service deployment and management. As a one-stop shop, we also offer fit-for-purpose solution bundles and deployment options.
Advisory and design services
Deployment
We ensure secure and successful deployment of solutions and products, to your users and locations. Whether we are deploying complete visual collaborations solutions or delivering products to a single location, we manage the delivery on your behalf leaving you with a fully functioning solution ready for use.
Global Delivery and Deployment
Support and maintenance
Choose the right service level for support and maintenance according to your needs. Scale your business with a specialised service provider without the need to invest or upskill your own resources. Our 24/7 support services with proactive monitoring and on-site support will take care of you and all the solution software, security, and service management needs, anywhere in the world.
Managed Services

How we may help you?

Any cloud, any device – we make it work

Provide your people with freedom of choice wherever they meet and work. Elisa Videra designs, integrates, delivers and manages sovereign collaboration solutions with a can-do attitude.