Intrusions into videoconferences expose sensitive information and can sometimes have numerous repercussions, including diplomatic ones. A recent case in point is the leak from a WebEx videoconference. Here are the main types of online meetings to prioritise securing and the precautions to take.
Remote executive committees
This type of online meeting involves the presence of senior executives, managers, and members of the executive board. It is a key appointment in the life of a company, which could be targeted for espionage.
The use of a videoconferencing solution with end-to-end encryption technology is therefore essential. However, it must offer client-to-client end-to-end encryption, meaning no decryption phase of the communication streams at the server level. Thus, the audio, video, and data exchanges remain inaccessible to external parties.
Opt for “Enhanced Security“
In addition to this end-to-end encryption technology, Tixeo offers an enhanced security feature: during an online meeting, participants can enter a secret code, previously chosen among themselves, to enter a highly secure and invisible communication tunnel to anyone else.
Audit or budget meetings
Videoconferences discussing financial information, with participants authorised to carry out transactions, are particularly targeted by attacks. Recently, a president scam using deep fake video and audio during a videoconference targeted an employee of the financial department of a multinational company based in Hong Kong. The malicious use of AI during this attack made it perfectly effective. Therefore, all meetings on contracts, budget forecasts, financial results, or audits must benefit from the highest protection. The organiser must carefully control participants’ access to their online meeting.
Find out more about secure videoconferencing for finance
Control participant access
With Tixeo, after connecting to the software via their secure user account, participants send a participation request to the meeting and wait in a virtual waiting room. Meanwhile, the organiser checks their request and approves or denies it. They can then proceed to verify the identity via a phone call and/or sharing a secret phrase. Thus, identity verification takes place upfront, before the participant enters the meeting, and not belatedly during the exchange. Strategic discussions are thus preserved from any external infiltration.
R&D (Research and Development) meetings
This type of online meeting circulates sensitive information about technologies, innovations, or technical patents. Within strategic sectors such as industry or energy, this information constitutes the nation’s scientific and technical potential and must be effectively protected from espionage. The only barrier: genuine end-to-end encryption technology and the choice of a sovereign videoconferencing solution.
Choose a sovereign videoconferencing solution
To prevent the leakage of sensitive information, companies must choose a secure but above all sovereign videoconferencing solution. Indeed, most collaborative applications host their data outside the European territory and are then subject to lenient extraterritorial data protection laws. This is the case with the Cloud Act in the United States: this series of extraterritorial laws allows American authorities to compel publishers located on American territory, to provide data related to electronic communications, stored on American or foreign servers. Corporate communications relating to R&D must therefore absolutely be held on a videoconferencing software compliant with the GDPR, to avoid any information leakage.
Tixeo is also the only secure videoconferencing solution to be certified and qualified by the ANSSI for six consecutive years.
Meetings with external collaborators
Online meetings involving suppliers, clients, or partners expose sensitive information (contractual information, client data, budgets…). Vigilance is paramount regarding the protection of videoconferences: the solution deployed and used by both parties must absolutely be secured, to prevent any data compromises.
Subcontractors, suppliers: particularly targeted intermediaries
Cyberattacks on subcontractors or suppliers working with strategic organisations are common. Indeed, generally, these intermediaries possess sensitive information, without necessarily having a sufficient level of cybersecurity. They thus become ideal targets. This vigilance concerns even more the sectors of Defense and Industry, which collaborate with numerous partners.
In its 2023 cyberthreat overview, the ANSSI reported having dealt with “the compromise of network equipment of an operator, conducted by a state actor, likely for espionage of telecommunications purposes.” The Agency thus reminds that “operators must be particularly vigilant to stop using weak administration protocols, while their clients cannot assume default security and must ensure end-to-end encryption of their communications passing, even partially, via insecure protocols.”
Crisis management meetings
In the event of a cyberattack, IT and crisis management teams need to stay in contact, just like collaborators, to ensure the continuity of business. Within public administrations, the emergency communication tool ensures the continuity of public service. For this, a secure videoconferencing solution that can operate outside traditional networks is necessary.
Find out more about secure videoconferencing for public administrations
Opt for out-of-band communications
The on-premise secure videoconferencing version of Tixeo is deployed on a dedicated server of the company, without impacting the general network security policy. In a crisis, Tixeo can thus operate without an internet connection, isolated on the company’s infrastructure. This allows internal use only: teams can therefore continue their exchanges under all conditions.
Furthermore, choosing an on-premise secure videoconferencing software limits the organisation’s technological dependence on external providers. It thus improves the control of its security policy and strengthens its sovereignty.
Another precaution to take to secure online meetings
Connect on a secure network
Besides the security of the videoconferencing software, the internet connection used for online meetings must be perfectly secured to limit the risks of data theft. Using a robust VPN enhances the protection of the connection but never constitutes an insurmountable barrier for cyberattackers.
Recent leaks from the German army in a videoconference were due, according to initial investigation results, to an unauthorised connection of one of the participants in the online meeting.