When people think about the dangers of a videoconference, they tend to lean towards forgetting that there is a camera on. But, there are some other risks that need to be considered. With the recent mass migration to videoconferences, some of these risks such as end-to-end encryption, or the lack thereof, have gotten a lot of attention. But, there are many others that need to be considered. This article will highlight a few.
Consider who is using the service. If you are looking for a video conference service to use for your daily standups, weekly happy hours, or monthly all-hands, it might not be worth stressing too much about it. But, if you are using this to communicate with your consumers, the conference service might become a CCPA service provider or GDPR processor. First, make sure that you know if these regulations apply to you. Next, understand if your videoconference service meets the definition of a service provider/processor. Then, make sure that you are meeting your compliance requirements. You don’t want to wind up on the wrong side of an enforcement action.
Assess the security of the vendor. Ideally, all vendor assessments start from a blank slate and bump the vendor and their product or service up against a thorough checklist to tell you how risky it is. In reality, many security teams don’t get a chance to do assessments until the business has already decided to use the vendor, so they are already fighting an uphill battle. But, at the very least, you should be considering whether or not the vendor has a history of security issues. For example, if your service provider has a history of installing a web server in order to allow for the install of software and control of your video camera, and then not fixing that issue until after it has been publicly disclosed despite months of warning, you should take that into account before using them. Similarly, if your vendor requires the permission to “view and edit events on all your calendars” and “view your email messages when the add-on is running” and “…run when you are not present” for an add-on that adds a link to your meetings, you should consider that and determine whether or not your administrators should have that add-on installed.
There are trade-offs to everything. Sometimes, it makes sense to choose the vendor that has the riskier security in order to get the call quality or features that you need. Just make sure that you understand those trade-offs and you mitigate the risk. We can help lay out the pros and cons to allow you to make more informed decisions. Reach out and we’ll get you set up.