When participating in an online meeting, there are certain aspects that should alert you to the level of security. Here is how to spot them to avoid spying on videoconferences.
In its flash #91 on economic interference, the DGSI (General Directorate for Internal Security) gives several examples of suspicious video conferences that have consequences for the integrity of the company.
Its objective is to encourage French companies to be extra vigilant during their online meetings, which are often strategic and sensitive. Indeed, the risks of espionage and economic interference, via unsecured video conferences, are increasingly important. To avoid these risks, organisations must ensure that their exchanges are well secured.
The main characteristics of an unsecured videoconference :
Uncontrolled access to the online meeting
Some videoconferences are accessible through a shareable login link. They allow additional participants to be invited at the last minute but can also lead to intrusion by potentially malicious persons. In 2020, the intrusion of Dutch journalist Danier Verlaan into a confidential videoconference was highly publicised.
To facilitate access to a secure videoconference, it is possible to share a connection link, but only if the organiser can validate the participants’ entry. This requires the organiser to check the identity of the person before allowing him or her to attend the exchange. If in doubt, it is always advisable to refuse the request or to ask for more details about the need to attend the meeting. Without this validation, anyone can connect and access the videoconference information (communications, files, etc.) or spread malicious messages.
Unencrypted communication flows
Audio, video or data exchanges can be spied on if they are not strictly protected by end-to-end encryption. This data transmission system only allows the sender and the recipient(s) to decrypt the data without any decryption phase between them. This avoids spying on videoconferences.
Some non-European video conferencing software claims this type of encryption but is subject to foreign regulations, such as the Cloud Act. The latter obliges publishers to provide back doors in their software to allow the authorities to listen in on communications under certain conditions. However, these back doors represent a security flaw and can be discovered by hackers who will use them to spy on videoconferences.
What is a back door and how does it relate to video conference spying? The answer in video!
The DGSI recommends the use of end-to-end encrypted video conferencing solutions to avoid the risk of spying on videoconferences. Tixeo’s end-to-end encryption technology, certified and qualified by ANSSI, prevents any eavesdropping on communication flows, regardless of the number of participants in the online meeting. Moreover, as a European and sovereign solution, Tixeo’s end-to-end encryption is subject to the GDPR.
Suspicious behaviour by participants
Finally, the threat during a videoconference can sometimes be internal to the company. In this case, it is necessary to be attentive to certain suspicious signals emanating from the participants. In its flash, the DGSI discusses the striking example of a 100% teleworking employee who never shows herself to the webcam and records the videoconferences in which she participates. The capture of strategic information represents a danger of industrial espionage for a company. In case of doubt, it is important to avoid talking about sensitive subjects if confidentiality is no longer guaranteed.
Companies must protect their video conferences from espionage
Choosing a secure video conferencing tool
French companies are regularly victims of economic interference due to security breaches during online meetings and this is detrimental to their economic sovereignty. The security of their videoconferencing tool must therefore be at the heart of their concerns. With remote working, sensitive meetings are now done online and expose the company’s strategic data.
Tixeo is the only French video conferencing solution to be certified and qualified by ANSSI thanks to its end-to-end encryption. The software is Secure by Design: security is an integral part of its design process.
Raising employee awareness
Tixeo helps its customers and users to protect their communications and personal data. A security that also requires an awareness of the teams, especially in telecommuting.
It is essential that employees understand the risks of unsecured video conferencing and master the best practices. For each online meeting, organisers and participants must be able to gauge the appropriate level of security and thus adapt their vigilance accordingly (verification of guests, webcam activated for all, high level of password intensity, etc.).
Depending on the sensitivity of the meeting, Tixeo allows to activate a standard or maximum security level. For a confidential meeting, the organizer can set conditions to access the videoconference (installation of the client software and creation of a user account). Each participant will have to identify himself before accessing the videoconference.