5 types of online meetings to protect more

23 Apr 2024 | Cybersecurity for Hybrid Teleworking, Hybrid work

Intrusions into videoconferences expose sensitive information and can sometimes have numerous repercussions, including diplomatic ones. A recent case in point is the leak from a WebEx videoconference. Here are the main types of online meetings to prioritise securing and the precautions to take.

Remote executive committees

This type of online meeting involves the presence of senior executives, managers, and members of the executive board. It is a key appointment in the life of a company, which could be targeted for espionage.

The use of a videoconferencing solution with end-to-end encryption technology is therefore essential. However, it must offer client-to-client end-to-end encryption, meaning no decryption phase of the communication streams at the server level. Thus, the audio, video, and data exchanges remain inaccessible to external parties.

Opt for “Enhanced Security“

In addition to this end-to-end encryption technology, Tixeo offers an enhanced security feature: during an online meeting, participants can enter a secret code, previously chosen among themselves, to enter a highly secure and invisible communication tunnel to anyone else.

Audit or budget meetings

Videoconferences discussing financial information, with participants authorised to carry out transactions, are particularly targeted by attacks. Recently, a president scam using deep fake video and audio during a videoconference targeted an employee of the financial department of a multinational company based in Hong Kong. The malicious use of AI during this attack made it perfectly effective. Therefore, all meetings on contracts, budget forecasts, financial results, or audits must benefit from the highest protection. The organiser must carefully control participants’ access to their online meeting.

Find out more about secure videoconferencing for finance

Control participant access

With Tixeo, after connecting to the software via their secure user account, participants send a participation request to the meeting and wait in a virtual waiting room. Meanwhile, the organiser checks their request and approves or denies it. They can then proceed to verify the identity via a phone call and/or sharing a secret phrase. Thus, identity verification takes place upfront, before the participant enters the meeting, and not belatedly during the exchange. Strategic discussions are thus preserved from any external infiltration.

R&D (Research and Development) meetings

This type of online meeting circulates sensitive information about technologies, innovations, or technical patents. Within strategic sectors such as industry or energy, this information constitutes the nation’s scientific and technical potential and must be effectively protected from espionage. The only barrier: genuine end-to-end encryption technology and the choice of a sovereign videoconferencing solution.

Choose a sovereign videoconferencing solution

To prevent the leakage of sensitive information, companies must choose a secure but above all sovereign videoconferencing solution. Indeed, most collaborative applications host their data outside the European territory and are then subject to lenient extraterritorial data protection laws. This is the case with the Cloud Act in the United States: this series of extraterritorial laws allows American authorities to compel publishers located on American territory, to provide data related to electronic communications, stored on American or foreign servers. Corporate communications relating to R&D must therefore absolutely be held on a videoconferencing software compliant with the GDPR, to avoid any information leakage.

Tixeo is also the only secure videoconferencing solution to be certified and qualified by the ANSSI for six consecutive years.

Meetings with external collaborators

Online meetings involving suppliers, clients, or partners expose sensitive information (contractual information, client data, budgets…). Vigilance is paramount regarding the protection of videoconferences: the solution deployed and used by both parties must absolutely be secured, to prevent any data compromises.

Subcontractors, suppliers: particularly targeted intermediaries

Cyberattacks on subcontractors or suppliers working with strategic organisations are common. Indeed, generally, these intermediaries possess sensitive information, without necessarily having a sufficient level of cybersecurity. They thus become ideal targets. This vigilance concerns even more the sectors of Defense and Industry, which collaborate with numerous partners.

In its 2023 cyberthreat overview, the ANSSI reported having dealt with “the compromise of network equipment of an operator, conducted by a state actor, likely for espionage of telecommunications purposes.” The Agency thus reminds that “operators must be particularly vigilant to stop using weak administration protocols, while their clients cannot assume default security and must ensure end-to-end encryption of their communications passing, even partially, via insecure protocols.”

Crisis management meetings

In the event of a cyberattack, IT and crisis management teams need to stay in contact, just like collaborators, to ensure the continuity of business. Within public administrations, the emergency communication tool ensures the continuity of public service. For this, a secure videoconferencing solution that can operate outside traditional networks is necessary.

Find out more about secure videoconferencing for public administrations

Opt for out-of-band communications

The on-premise secure videoconferencing version of Tixeo is deployed on a dedicated server of the company, without impacting the general network security policy. In a crisis, Tixeo can thus operate without an internet connection, isolated on the company’s infrastructure. This allows internal use only: teams can therefore continue their exchanges under all conditions.

Furthermore, choosing an on-premise secure videoconferencing software limits the organisation’s technological dependence on external providers. It thus improves the control of its security policy and strengthens its sovereignty.

Discover TixeoServer

Another precaution to take to secure online meetings

Connect on a secure network

Besides the security of the videoconferencing software, the internet connection used for online meetings must be perfectly secured to limit the risks of data theft. Using a robust VPN enhances the protection of the connection but never constitutes an insurmountable barrier for cyberattackers.

Recent leaks from the German army in a videoconference were due, according to initial investigation results, to an unauthorised connection of one of the participants in the online meeting.

Try Tixeo for free

“Bossware”: what is this software that spies on employees?

12 Dec 2023 | Cybersecurity for Hybrid Teleworking, Hybrid work

Bossware makes it possible to monitor an employee’s activity remotely. The use of spyware is more widespread than you might think, especially since the advent of teleworking and AI. How can they be detected and what are the risks? 

What is bossware?

Bossware” is the term used to describe software designed to monitor employees. Installed on the workstation, it collects a maximum amount of data on the worker’s activity, with the aim of obtaining an overview of their productivity. This spyware can record all online activity, keystrokes, mouse movements and even, in some cases, take random screenshots and record audio or video.

Widely used since the widespread deployment of teleworking in 2020, it enables managers to keep an eye on their employees from a distance. Now, with the development of artificial intelligence, surveillance can go even further. For example, some “bossware” software, such as Veriato, is capable of analysing worker data to assign them a “risk score” for the company’s security. Others can send alerts if the worker does not seem to be behaving appropriately at their post.

Spyware not always detectable

Bossware can be deployed visibly or silently. With visible surveillance, workers are aware that their activity is being monitored. In certain configurations, they can even act on the software by pausing it, for example. Conversely, with silent surveillance, employees are not aware that they are being “spied on”. The software may therefore have been installed remotely on their workstation without their consent.

Authorised in the United States: and in Europe?

In the United States, employers can easily force employees to install this type of software on their workstations. However, laws are now being introduced to limit their use by requiring companies to be transparent.

The GDPR also protects employees

In Europe, employee surveillance is not clearly legislated. Nevertheless, the General Data Protection Regulation (GDPR) can serve as a reference on the subject. This regulation defines the conditions for the collection, use and transfer of personal data and provides a framework for data processing operations, including those relating to employee monitoring. In this way, employee consent to the processing of their data is absolutely required. However, as the European report ” Employee monitoring and surveillance: The challenges of digitalisation “it is up to each [EU] Member State to put in place specific data protection provisions“.

Controversial but still used

In France, “bossware” is highly controversial, but it is still widely used. According to a study carried out by Vanson Bourne for VMware, “63% of French companies with more than 500 employees have implemented surveillance tools”. Nevertheless, the French Data Protection Authority (CNIL) regularly issues warnings about the use of this software. It points out that such surveillance must not “undermine respect for employees’ rights and freedoms”. Employees must therefore be informed before any surveillance tool is put in place. Surveillance in the workplace is one of the main reasons for complaints to the CNIL.

But Europe’s leading country for employee surveillance is Spain. According to the same report, “40% of Spanish companies have installed spyware”, compared with 15% in Germany and 26% in the UK.

The different ways of detecting bossware

According to TechTarget, bossware can be detected by carrying out a few checks.

Check the task manager

If an unrecognised piece of software with a name containing a number of random numbers and letters is running in the background, it may be bossware. Note that many spyware programs are not detectable in Task Manager.

Download antispyware

If you are suspicious, anti-spyware software can be useful. It will scan the device and be able to identify the “bossware” as malicious software. 

Monitor outgoing Internet traffic

Some Internet traffic monitoring software can detect unusual traffic and confirm suspicions.

What are the risks of using bossware to monitor employees?

Impact on employee productivity and well-being

The introduction of employee monitoring tools demonstrates a blatant lack of trust on the part of management towards employees working remotely. And yet, this mutual trust is essential if employees are to remain committed to the company and retain their loyalty. Surveillance, when it is visible, puts constant pressure on employees, pressure that can lead to exhaustion and burn-out. While management would like to control and act on their productivity, it is harming the well-being of its teams.

Data theft and breach of privacy

In France, employees have rights regarding the processing of their data, particularly under the RGPD. They should be aware of this and not hesitate to alert their representatives if they have any doubts about spyware in their company. The use of “bossware” leads to massive processing of personal content and data, which undermines respect for employees’ privacy. If this software is not perfectly secure, it can be targeted by cyber-attacks. As a result, data concerning both the employee and the company is liable to fall into the hands of malicious parties. Employers must protect employee data, whether it has been collected for recruitment, security or business monitoring purposes.

Conclusion: to combat bossware, promote trust and communication

In conclusion, bossware has been used a lot since the health crisis and is tending to develop with artificial intelligence. However, their effects can sometimes be harmful to employee well-being and undermine team performance.

On the contrary, the use of spyware should never be systematic for remote collaboration. It is essential that teleworking is offered in a climate of trust, in order to reap all the benefits in terms of productivity and quality of life at work. To achieve this, appropriate and secure management and communications tools are essential.

Preserving your company’s cybersecurity

The security risks of “bossware” are real. They can lead to the loss of personal data and have financial repercussions for the company.

Employees must remain aware of their rights regarding the protection of their privacy and personal data, and not hesitate to contact their representatives if they have any doubts about the use of bossware.

To find out more about teleworking : https://www.tixeo.com/en/discover-tixeo-video-conferencing/security/white-paper-on-secure-teleworking/

“Bossware”: what is this software that spies on employees?

10 Nov 2023 | Cybersecurity for Hybrid Teleworking, Hybrid work

Bossware makes it possible to monitor an employee’s activity remotely. The use of spyware is more widespread than you might think, especially since the advent of teleworking and AI. How can they be detected and what are the risks?

 

What is bossware?

Definition and origin

Bossware is the term used to describe software designed to monitor employees. Installed on the workstation, it collects a maximum amount of data on the worker’s activity, with the aim of obtaining an overview of their productivity. This spyware can record all online activity, keystrokes, mouse movements and even, in some cases, take random screenshots and record audio or video.

Widely used since the widespread deployment of teleworking in 2020, it enables managers to keep an eye on their employees from a distance. Now, with the development of artificial intelligence, surveillance can go even further. For example, some bossware software, such as Veriato, is capable of analysing worker data to assign them a “risk score” for the company’s security. Others can send alerts if the worker does not seem to be behaving appropriately at their post.

Spyware not always detectable

Bossware can be deployed visibly or silently. With visible surveillance, workers are aware that their activity is being monitored. In certain configurations, they can even act on the software by pausing it, for example. Conversely, with silent surveillance, employees are not aware that they are being “spied on”. The software may therefore have been installed remotely on their workstation without their consent.

Authorised in the United States: and in Europe?

The RGPD also protects employees

In the United States, employers can easily force employees to install this type of software on their workstations. However, laws are now being introduced to limit their use by requiring companies to be transparent.

In Europe, employee surveillance is not clearly legislated. Nevertheless, the General Data Protection Regulation (GDPR) can serve as a reference on the subject. This regulation defines the conditions for the collection, use and transfer of personal data and provides a framework for data processing operations, including those relating to employee monitoring. In this way, employee consent to the processing of their data is absolutely required.

However, as the European report ” Employee monitoring and surveillance: The challenges of digitalisation “it is up to each [EU] Member State to put in place specific data protection provisions“.

Controversial but still used

In France, “bossware” is highly controversial, but it is still widely used. According to a study carried out by Vanson Bourne for VMware, “63% of French companies with more than 500 employees have implemented surveillance tools”. Nevertheless, the French Data Protection Authority (CNIL) regularly issues warnings about the use of this software. It points out that such surveillance must not “undermine respect for employees’ rights and freedoms”. Employees must therefore be informed before any surveillance tool is put in place. Surveillance in the workplace is one of the main reasons for complaints to the CNIL.

But Europe’s leading country for employee surveillance is Spain. According to the same report, “40% of Spanish companies have installed spyware“, compared with 15% in Germany and 26% in the UK.

 

The different ways of detecting bossware

According to TechTarget, bossware can be detected by carrying out a few checks.

1. Check the task manager

If an unrecognised piece of software with a name containing a number of random numbers and letters is running in the background, it may be bossware. Note that many spyware programs are not detectable in Task Manager.

2. Download antispyware

If you are suspicious, anti-spyware software can be useful. It will scan the device and be able to identify the “bossware” as malicious software. 

3. Monitor outgoing Internet traffic

Some Internet traffic monitoring software can detect unusual traffic and confirm suspicions.

 

What are the risks of using bossware?

Impact on employee productivity and well-being

The introduction of employee monitoring tools demonstrates a blatant lack of trust on the part of management towards employees working remotely. And yet, this mutual trust is essential if employees are to remain committed to the company and retain their loyalty. Surveillance, when it is visible, puts constant pressure on employees, pressure that can lead to exhaustion and burn-out. While management would like to control and act on their productivity, it is harming the well-being of its teams.

Data theft and breach of privacy

In France, employees have rights regarding the processing of their data, particularly under the GDPR. They should be aware of this and not hesitate to alert their representatives if they have any doubts about spyware in their company. The use of “bossware” leads to massive processing of personal content and data, which undermines respect for employees’ privacy. If this software is not perfectly secure, it can be targeted by cyber-attacks. As a result, data concerning both the employee and the company is liable to fall into the hands of malicious parties. Employers must protect employee data, whether it has been collected for recruitment, security or business monitoring purposes.

A few ways to avoid bossware

Promoting trust and communication

In conclusion, bossware has been used a lot since the health crisis and is tending to develop with artificial intelligence. However, their effects can sometimes be harmful to employee well-being and undermine team performance.

On the contrary, the use of spyware should never be systematic for remote collaboration. It is essential that teleworking is offered in a climate of trust, in order to reap all the benefits in terms of productivity and quality of life at work. To achieve this, appropriate and secure management and communications tools are essential.

Preserving your company’s cyber security

The security risks of “bossware” are real. They can lead to the loss of personal data and have financial repercussions for the company.

Finally, employees must remain aware of their rights regarding the protection of their privacy and personal data, and not hesitate to contact their representatives if they have any doubts about the use of bossware.

To find out more

In this white paper, find out how you can boost the productivity of remote workers and improve the cybersecurity of teleworking.

Download

How can we reinvent and secure remote working in 2023?

5 Jul 2023 | Cybersecurity for Hybrid Teleworking, Hybrid work

Remote working is now a popular option for many employees and companies. But at a time when cyberthreats are on the increase, how can teleworking be made truly effective and its security strengthened within organisations?

Quiet quitting, digital nomads… A new vision of work

In France, as in Europe, the relationship with work has changed considerably. For many employees today, the priority is to hold a position in a company that is in line with their values, where their well-being will really be taken into account. This is what emerges from the latest barometer from the Actineo observatory. We learn that 45% of those questioned think that their employer is not concerned about their well-being at work, whereas this should be a priority for 84%.

The “quiet quitting” movement and the growing number of digital nomads demonstrate a clear desire for greater freedom and quality of life.

The benefits of teleworking  

Teleworking seems to be an appropriate and effective response to these new expectations, offering a better balance between professional and personal life. What’s more, teleworking is even said to increase employee productivity, according to a report by the French National Productivity Council. A better quality of life? Not just that, since the success of teleworking also depends on the support and appropriate management of teams.

How can teleworking management be rethought?

Find out more about our best practices

Combining collaborative performance and data security

In 2023, the introduction of teleworking will require careful thought to be given to data and communications security. When employees work remotely, the risks of cyber-security are greater and the consequences more costly.

In the IBM report, we learn that in 2022, the average cost of a data breach was 4.34 million dollars in France. When teleworking is a factor in the attack, $1 million is added to the bill. The consequences are therefore primarily financial, but they also damage the reputation of the targeted organisation for its lack of reliability.

Protecting the teleworking environment, installing a VPN, MFA (multi-factor authentication) or subscribing to a sovereign cloud service are all choices that need to be made to ensure that employees have simple, secure access to company resources.

What tools should be put in place to secure data?

Quels sont les risques de sécurité informatique principaux en télétravail ?

Téléchargez le livre blanc

The importance of IT hygiene training for teleworkers

Raising awareness of IT security among teleworking teams is fundamental to preventing cybersecurity risks. In fact, the human factor is always the primary cause, despite the massive increase in the security of information systems. Employees need to be made aware of the risks, but also of the best practices to be implemented to protect their equipment, particularly when they are on the move.

In addition, the deployment and use of a high-performance Secure by Design video collaboration tool remains essential for team collaboration, especially when working 100% from home. It is important to train teleworkers and raise their awareness of this tool, particularly to reduce the risks of shadow IT, which is becoming increasingly common.

The case of Tixeo, 100% augmented teleworking

For the past 8 years, Tixeo has been moving towards 100% ‘augmented teleworking’. Thanks to the TixeoFusion mode of its secure videoconferencing solution, Tixeo teams work together in a virtual open space on a daily basis. The result: simple, reliable and user-friendly communication that erases the distance between employees and strengthens collaboration.

How has Tixeo's 100% augmented teleworking model become sustainable?

Read our feedback

Try Tixeo secure video conferencing for free