The 3 Main Risks to Videoconferencing Security

 

Videoconferencing technology isn’t new, but it has experienced a distinct rise in popularity and strategic importance  as many more organizations shift to remote work. 

A flash survey of 550 U.S. employers in March 2020 and found that 67% of them were in the process of allowing more workers to telecommute. As these working arrangements become more common, video conferencing will be an important enabler of collaboration and productivity.

To be acceptable for regular business use, a videoconferencing solution must be high performing and highly secure. These requirements are even more important in remote work environments where people join using a variety of devices. 

Not all videoconferencing security is created equal, however. Inadequate protection puts users at risk of attackers hijacking meetings, intercepting sensitive data or accessing recorded sessions without authorization.

For these reasons, it’s important to select a videoconferencing service like Google Meet, which implements multilayered protection against these common threats while offering a simple, scalable conferencing experience.

The 3 Main Security Risks to Videoconferences

Like all internet-connected applications, videoconferencing applications pose risks around improper access and data leakage. But they also present 3 distinct vulnerabilities:

  • Hijacking: Online videoconferences have meeting IDs and PINs that are made public (e.g., because someone has posted one on their social media profile or email signature) or easily guessable. Without protection, any person with these meeting credentials could join and disrupt the proceedings or acquire sensitive information.
  • Screen sharing: Related to the above, most videoconferencing applications include screen sharing functionality. An unauthorized participant could become the active presenter use to make their desktop the (unwanted) focus of the session.
  • Recordings: Many video meetings are recorded for later viewing or transcription. Where and how these recordings are stored and protected is important, as improper access or lack of encryption can mean that sensitive information falls into the wrong hands.

Beyond these in-app risks, videoconferencing software also has the potential to increase the attack surface on a client device. For example, on a desktop or laptop PC, a videoconferencing solution may require the user to download browser plugins or other software, some of which fall outside secure distribution channels like the Windows Store or Mac App Store. These extras further increase risk of compromised security.

Google Meet: Secure Videoconferencing for Remote Work

Google Meet is a videoconferencing solution with multiple layers of protection against modern threats, making it ideal for corporate deployments. 

Built on Google’s secure global infrastructure, it reliably stops abuse such as hijacking, securely stores and manages access to meeting recordings and runs safely and entirely within a browser (desktop), app (mobile) or dedicated video hardware (meeting room).

For instance, to prevent hijacking, it requires someone within the organization to approve any join request by an external participant. This reduces the risk of someone eavesdropping or actively disrupting the session.

Like other Google services, Google Meet undergoes regular audits for privacy, security and regulatory compliance. As well as industry-leading protections, it also delivers reliable and scalable performance, complete with support for hundreds of concurrent users, screen sharing, recording, G Suite integration and a 99.9% up-time service-level agreement.

Softchoice is committed to meeting your needs for business continuity, security and stability. By ensuring organizations get the most value from their Google Meet deployments, we help them scale and secure their communications and ultimately preserve productivity in increasingly remote workplaces.

Looking to adopt a secure videoconferencing solution? 

Get Google Meet tailored to your business.

Kari’s Law and Ray Baum’s Act: What You Need to Know

Kari’s Law and Ray Baum’s Act are two pieces of legislation that have been adopted and implemented by the Federal Communications Commission (FCC) in the United States.

Together, they aim to provide the public with greater access to 9-1-1 emergency services while also improving emergency response outcomes.

The legislation affects US-based manufacturers, managers and operators of multi-line telephone systems (MLTS), commonly used in commercial office buildings, hotels and post-secondary campuses, and requires certain organizations to comply with each.

Implications of non-compliance include fines and other penalties, along with the risk of endangering employees, customers and members of the public and associated civil liabilities.

We examine each piece of legislation, its requirements and what you can do to ensure your organization complies below.

Kari’s Law

Kari’ Law came into effect on February 16, 2020 and it’s intent is to allow direct dialing to 9-1-1 emergency services without additional trunk prefixes or routing digits. It also requires that MTLS automatically notify designated personnel onsite that an emergency 9-1-1 call has been placed. It applies to any users based in the United States who can dial emergency services, including fixed and non-fixed MLTS and VoIP users.

The law requires that:

  • Users be able to dial 9-1-1 without using a prefix to reach an outside line (e.g. Press 9 to dial out)
    • Note that under the law, dialing “9 + 9-1-1” can still be functional, but not required.
  • MLTS send a notification to designated personnel onsite, such as a front desk or security kiosk, that an emergency 9-1-1 call has been placed.
    • The notification must include at minimum, a) the instance of a 9-1-1 call being placed, b) a valid callback number and c) information about the caller’s specific location.

The law is not explicit about the method of notification, but allows for installers, managers and operators of MLTS to use an “efficient and cost-effective notification solution.” Examples of notification solutions include audible alarms, visual alerts on monitors, text or email messages, phone calls or network-based applications.

Any organization found not to comply with Kari’s Law as of February 16, 2020 faces a USD $10,000 fine as well as a $500 fine per day found in non-compliance.

Ray Baum’s Act

Ray Baum’s Act, related to Kari’s Law, aims at improving emergency response outcomes by focusing on the importance of sharing precise location information when calling 9-1-1 emergency services.

Specifically, Section 506 of the Act introduces rules to ensure caller’s location is accurately conveyed to emergency dispatch, regardless of the technology platform used to make the call.

The Act requires that:

  • Telephone systems provide certain critical information related to a 9-1-1 caller’s “dispatchable location” to a public safety answer point (PSAP), such as a 9-1-1 call center.
  • The Act defines “dispatchable location” as “the street address of the calling party, and additional information such as room number, floor number, or similar information necessary to adequately identify the location of the calling party.”

Initial dates for compliance with Ray Baum’s Act are January 6, 2020 for non-fixed MTLS calls and January 6, 2021 for fixed MLTS calls.

How to Ensure Compliance with Kari’s Law and Ray Baum’s Act

The following steps may be necessary to ensure your organization complies with this legislation.

  1. Assess your current MLTS: You will need to determine whether your phone system routes 9-1-1 calls to emergency response centers without requiring a prefix. You will also need to verify that notification and caller location information is conveyed correctly under the legislation. This should be tested on multiple phone endpoints on an annual basis.
  2. Install compliant hardware or software: This legislation requires all telephone equipment manufactured, imported or sold in the US after February 2020 to be compliant. If your current system isn’t in compliance and you don’t plan to purchase new hardware, there are several software solutions that will bring your system in line with the regulations. For example, Cisco Emergency Responder’s use of phone calls and Cisco Emergency Responder’s ER user pages satisfy Kari’s Law’s notification requirement.
  3. Ensure proper configuration for E911 technology: This legislation changes the FCC’s rules surrounding Enhanced 9-11 (E911) technology to require that MLTS convey specific individual caller information. Even if you have E911 features installed, you may need to reconfigure.
  4. Plan for remote workers: The legislation applies to any US-based user who can dial emergency services, including those using nomadic softphone applications on desktop or mobile devices. This includes any organizations based in other countries but that have US-based users.

Need help determining whether your organization complies with Kari’s Law and Ray Baum’s Act, or implementing the right solutions to achieve compliance?

Connect with an expert.

 

Softchoice Virtual Discovery Expo 2020: The Highlights

The Softchoice Virtual Discovery Expo (VDX) 2020 has now wrapped.

Over 2,000 people registered to hear from Softchoice and our exhibitor partners about the areas driving their digital transformation today. This year, our full-day virtual tech expo happened in a much different context than the inaugural event in 2019.

Attendees took away an important message: The current global crisis and its impacts have forced many organizations to embrace change. Done the right way, however, this change will be a catalyst to re-imagine the way they approach transforming through technology.

Now that they have taken steps to adapt to change, secure and stabilize business operations and find efficiencies, VDX participants learned how these steps lay the foundation to make them more agile, more efficient and more secure as they travel the road to recovery.

Among those we surveyed, enabling secure and productive remote work, protecting data, adopting and managing cloud infrastructure were the most compelling topics. While some were still adjusting to remote work or found that they were ready to move to the next stage of their recovery, most respondents told us they were still in the middle of that journey.

While there were enough topics covered to fill several articles, we’ve put together a recap of the biggest highlights from VDX 2020.

Digital Transformation in a Time of Crisis

 Keynote by Aaron Brooks, Sr. Director – Strategy & GTM Enablement at Softchoice

Our reality is changing and pivoting to adopt the right agile strategy is more important than ever. Softchoice’s Senior Director of Strategy and GTM Enablement Aaron Brooks kicked off VDX 2020 by exploring the ways organizations are positioning themselves for growth and success in recovery.

The Highlights:

  • Digital transformation isn’t on hold, it’s just pointed at new problems. New ways to go-to-market in times of necessity will drive growth on the road to economic recovery and beyond.
  • It’s time to ask, “What does our organization really need?” Anxiety around IT costs has raised the need to re-allocate resources to keep your business working.
  • When times are tough, lean on your core values. Staying connected not only as a business but as people has been at the center of our journey to recovery.

Watch the full keynote on demand

The Evolution of Remote Collaboration

Keynote by John MacDonald, Head of Americas Productivity & Collaboration Specialists at Google

John MacDonald, Head of Americas Productivity and Collaboration Specialists at Google, delivered a keynote examining the trends influencing the current communication and collaboration landscape and what we can expect to see in the near and medium terms.

The Highlights:

  • The status quo needs to change. Businesses are realizing the urgent need for collaboration tools at all levels, but still face issues around siloed information and lack of IT security.   
  • People want flexible workforce functionality. Organizations need collaboration tools that support work/life balance and allow teams to adopt quickly and collaborate securely.
  • Everyone’s situation is unique. There is no one-size-fits-all approach to providing secure, smart, simple collaboration solutions.

Watch the full keynote on demand 

How to Achieve Simplified and Highly Effective Security Operations

Keynote by Mike Storm, Distinguished Engineer, Security Business Group at Cisco

In a time of uncertainty, you need a cybersecurity solution with your best interests in mind. Mike Storm, Distinguished Engineer with the Business Security Group at Cisco, explained a three-pillared approach to successful security operations based on quality threat intelligence.

The Highlights:

  • Security controls are only as effective as the threat intelligence they act on. Any security solution depends on access to current, accurate and usable information to remain effective.
  • The more you see, the more you can stop. Unmatched visibility into threats helps protect against them before attackers can exploit vulnerabilities.
  • Organizations need to stay protected after Day 1. Effective security operations depend on a collective, collaborative approach to threat protection.

Watch the full keynote on demand 

Ready to Re-Imagine Your Digital Transformation?

This is just a sample of the insights our exhibitors and partners shared with attendees at VDX 2020.

As you define your journey from continuity and stability through efficiency and recovery, it’s important to recognize the ways the new reality will help you compete and thrive once there.

If you didn’t attend or there was something you missed it’s not too late to take advantage of on-demand breakout sessions, keynotes and downloadable content from our 35+ exhibitors.

No matter where you are on your road to recovery, our team of experts and product specialists are ready to help. 

Explore Softchoice Rapid Response Services