How to avoid “zoombombing” during an online meeting?

“Zoombombing” in video conferencing is still going strong. It disrupts increasingly strategic online meetings, often with malicious intent. To avoid this, video conferencing security must be maximised at all levels.

 

What is “zoombombing” in an online meeting?

“Zoombombing” is an unwanted intrusion into an online meeting. During the health crisis and the lockdowns, the sudden and massive use of video conferencing caused this phenomenon to explode. “Zoombombing” got its name from the large number of intrusions by malicious people during Zoom videoconferences.

Indeed, intruders can have different objectives when they join a videoconference, ranging from simply disrupting the meeting to retrieving sensitive data such as the names of participants, the purpose of the meeting, documents or shared screens…

 

Serious consequences for organisations

An intruder in a videoconference is not only disruptive to the conduct of the meeting. It also represents a danger for the confidentiality of the information exchanged.

In its latest flash on the risks linked to video conferences, the DGSI cites the example of an intrusion into a company’s video conference to broadcast messages of a terrorist nature. The cause? No control over access to the online meeting: registration was free and the application password had a very low level of security. This lack of protection made it easier for individuals to break in.

Similarly, a recent Federal Reserve videoconference was cancelled after pornographic images appeared and were distributed by an anonymous participant in the meeting. About 100 representatives of major US banks were present during this online meeting. This disruption has led to the risk of data theft and tarnished the organisation’s reputation.

 

A must: the security of the video conferencing software used

These intrusions can be avoided if the videoconferencing software used is “Secure by Design”. This principle consists of designing software by addressing security concepts from the very first stages of its design, in order to prevent the risks of security breaches.

Access to the software and to its features is thus subject to strict analysis from the moment it is designed. As a result, a vulnerability is corrected as soon as it is discovered, before the software is deployed.

End-to-end encryption

For video conferences, end-to-end encryption is one of the essential security criteria. This data transmission system (audio, video and data) guarantees total confidentiality of communications. Indeed, only the sender and the recipient(s) are able to decrypt the data exchanged, without any decryption phase between them.

It is therefore impossible to eavesdrop or spy on an end-to-end encrypted video conference from outside the meeting. End-to-end encryption thus makes it even more difficult to intrude into an online meeting.

The key role of the videoconference organiser

The security of the video conferencing software is a first barrier against “zoombombing” in online meetings.

However, to ensure maximum protection, it is important that the meeting organiser is able to:

  • easily manage the participants and exclude an unwanted participant at any time
  • moderate the speaking rights in the meeting
  • adapt the security level according to the sensitivity of the meeting

 

Controlling access to online meetings

When a videoconference login link is shared, unwanted guests may be able to log in and access the meeting directly.

With Tixeo, anyone who clicks on a videoconference login link enters their name and is placed in a waiting room. The organiser receives a notification of this access request and can then decide whether or not to admit this person.

Similarly, at any time during the online meeting, the organiser can exclude a participant if he or she considers that the participant is suspicious.

 

Managing participants’ rights

Until all the participants in the videoconference are assembled, it is preferable that only the organiser has the microphone open. This avoids noise from everyone arriving and the risk of an intruder speaking up and attracting attention.

The organiser can also ask each participant to activate their webcam, so that there is no doubt about who is present, as recommended by the DGSI.

 

Choose the right security level

Tixeo allows the organizer to choose a higher or lower security level depending on the sensitivity of the videoconference.

For example, with a standard security level, it will be possible to share a connection link to the meeting and to connect to it from a web browser.

With a maximum security level, participants will have to create a user account and connect to the online meeting from the software.

ANSSI security visa

Tixeo secure video conferencing technology is the only solution to be certified and qualified by ANSSI.

Avoiding sharing information about an online meeting

Finally, information about a videoconference is sometimes inadvertently shared. This happens, for example, in shared calendars, where the list of participants, the purpose of the meeting or the login link can be accessed. It also happens that photos of meeting rooms with a video conference in progress are published on social networks, even though the name of the network or the connection identifiers can be seen on the screen.

Vigilance must be exercised when sharing this type of information as it can lead to “zoombombing”.

Tixeo, Secure by Design video conferencing software, integrates security in the design of its solution. Its end-to-end encryption technology secures communications, regardless of the number of participants in the videoconference.

Spying: how to recognise an unsecured video conference?

When participating in an online meeting, certain aspects should alert you to its level of security. Here is how to spot them to avoid being spied on during videoconferences.

In its flash #91 on economic interference, the DGSI (General Directorate for Internal Security) gives several examples of suspicious video conferences that have consequences for the integrity of the company.

Its objective is to encourage French companies to be extra vigilant during their online meetings, which are often strategic and sensitive. Indeed, the risks of espionage and economic interference, via unsecured video conferences, are increasingly important. To avoid these risks, organisations must ensure that their exchanges are well secured.

The main characteristics of an unsecured videoconference:

Uncontrolled access to the online meeting

Some videoconferences are accessible through a shareable login link. Such links allow additional participants to be invited at the last minute but can also lead to intrusion by potentially malicious persons. In 2020, the intrusion of Dutch journalist Daniël Verlaan into a confidential videoconference was highly publicised.

To facilitate access to a secure videoconference, it is possible to share a connection link, but only if the organiser can validate the participants’ entry. This requires the organiser to check the identity of the person before allowing him or her to attend the exchange. If in doubt, it is always advisable to refuse the request or to ask for more details about the need to attend the meeting. Without this validation, anyone can connect and access the videoconference information (communications, files, etc.) or spread malicious messages.

Unencrypted communication flows

Audio, video or data exchanges can be spied on if they are not strictly protected by end-to-end encryption. This data transmission system only allows the sender and the recipient(s) to decrypt the data without any decryption phase between them. This avoids spying on videoconferences.

Some non-European video conferencing software claims this type of encryption but is subject to foreign regulations, such as the Cloud Act. The latter obliges publishers to provide back doors in their software to allow the authorities to listen in on communications under certain conditions. However, these back doors represent a security flaw and can be discovered by hackers who will use them to spy on videoconferences.

The DGSI recommends the use of end-to-end encrypted video conferencing solutions to avoid the risk of spying on videoconferences. Tixeo’s end-to-end encryption technology, certified and qualified by ANSSI, prevents any eavesdropping on communication flows, regardless of the number of participants in the online meeting. Moreover, as a European and sovereign solution, Tixeo’s end-to-end encryption is subject to the GDPR.

Suspicious behaviour by participants

Finally, the threat during a videoconference can sometimes be internal to the company. In this case, it is necessary to be attentive to certain suspicious signals emanating from the participants. In its flash, the DGSI discusses the striking example of a 100% teleworking employee who never shows herself to the webcam and records the videoconferences in which she participates. The capture of strategic information represents a danger of industrial espionage for a company. In case of doubt, it is important to avoid talking about sensitive subjects if confidentiality is no longer guaranteed.

 

Companies must protect their video conferences from espionage

Choosing a secure video conferencing tool

French companies are regularly victims of economic interference due to security breaches during online meetings and this is detrimental to their economic sovereignty. The security of their videoconferencing tool must therefore be at the heart of their concerns. With remote working, sensitive meetings are now done online and expose the company’s strategic data.

Tixeo is the only French video conferencing solution to be certified and qualified by ANSSI thanks to its end-to-end encryption. The software is Secure by Design: security is an integral part of its design process.

Raising employee awareness

Tixeo helps its customers and users to protect their communications and personal data. This security also requires awareness within teams, especially when teleworking.

It is essential that employees understand the risks of unsecured video conferencing and master the best practices. For each online meeting, organisers and participants must be able to gauge the appropriate level of security and adapt their vigilance accordingly (verification of guests, webcam activated for all, high level of password strength, etc.).

Depending on the sensitivity of the meeting, Tixeo allows the organiser to activate a standard or maximum security level. For a confidential meeting, the organiser can set conditions to access the videoconference (installation of the client software and creation of a user account). Each participant will have to identify themselves before accessing the videoconference.

How does secure video conferencing protect the personal data of companies and employees?

Communicating within and outside the company has never been easier. However, the security of video conferencing software is still rarely taken into account and often exposes users’ personal data.

The urgency of data protection

The GDPR 2022 barometer of Data Legal Drive indicates that 74% of the data and privacy professionals surveyed believe that employees are increasingly attentive to the protection of personal data by the company.

This is not surprising when you consider that in 2021, one out of two French companies was the victim of a cyber attack (CESIN study). Computer attacks generally lead to data theft, which exposes employees and undermines the financial stability of organisations.

In companies, videoconferencing tools process and transmit a multitude of sensitive and confidential data and become prime targets for hackers.

GDPR compliance

First and foremost, video conferencing software must be sovereign and compliant with the GDPR.

Within the European Union, the GDPR firmly regulates the protection of personal data, requiring software publishers to be transparent about their processing. It also excludes any possibility of transferring data to a third country, without a contractual agreement in advance.

The absence of a backdoor in the software

Some major video conferencing software products, published outside the European Union, comply with foreign laws that authorise listening in on communications. This is the case of the Cloud Act, a series of extraterritorial American laws which allow the authorities to force publishers located on American territory to provide data relating to electronic communications. This data can be stored on American or foreign servers.

Tixeo is committed to data protection

As a European and secure solution, Tixeo is 100% compliant with the GDPR and puts personal data protection at the heart of its commitments. Indeed, its customers, evolving in sensitive sectors (defense, health, industry…) require a reliable video conferencing tool with a maximum security level and with all the guarantees to respect the integrity of their employees’ personal data.

In the Tixeo GDPR guide, select your user profile to find all the essential information you need to know about:

  • the processing
  • the use
  • the hosting
  • the storage
  • the protection

of your personal data.

Features of a secure video conference

A secure video conferencing software offers additional guarantees for personal data protection. This is the case of Tixeo.

 

Secure by Design: an architecture designed for data security

To be secure, video conferencing software must be Secure by Design. In other words, it must take security into account from the very first steps of its design to its deployment. This process makes it possible to determine potential points of failure in the software at an early stage and to work out solutions to correct them during its development.

As a result, Secure by Design video conferencing software will be much more robust than traditional video conferencing software.

 

Deployment that minimises security impacts 

Deploying a video conferencing tool must not weaken the security of the company’s internal network. With Tixeo, Secure by Design video conferencing software, there is only one port to open to deploy the solution. Thus, the security policy of the company network is preserved. This saves time and preserves security!

End-to-end encryption

It is no longer a secret that communications in an unsecured video conference can be listened in on. Only end-to-end encryption avoids the risk of eavesdropping.

This technology enables all audio, video and data streams to be encrypted, regardless of the number of participants in the online meeting. It thus guarantees total confidentiality of exchanges.

Tixeo’s secure video conferencing includes end-to-end encryption through a server (AES 256 encryption), while easily adapting to network variations.

 

Taking into account the location of the publisher  

It should be noted that the location of the video conferencing publisher is an important criterion to take into account if the software claims end-to-end encryption. Indeed, in some countries, it is sometimes impossible to fully encrypt communications.

For example, since 2001 in the United States, the Patriot Act requires software publishers to add backdoors to their systems. This back door is a secret entrance that allows the authorities to access the software’s data. If a malicious entity discovers it, personal data can be compromised.

6 questions to ask yourself before starting a videoconference

A videoconference cannot be improvised! Like a face-to-face meeting, an online meeting must be prepared. To ensure that it runs smoothly, here are the 6 questions to ask yourself before launching a videoconference.

1. Am I in a good environment?

It is important to have a comfortable and suitable working space for your videoconferences. First of all, you should avoid placing your back to a window. Backlighting will interfere with the quality of your video. Even if you have an HD or 4K webcam, too much light will activate an adaptation mechanism that will greatly degrade the image quality. The same is true if you don’t have enough light. The ideal situation is therefore to face a window or an adequate light source.

 

2. Is my equipment properly configured?

You start your online meeting but your webcam, your speaker or your microphone (or all three!) are not available: this is probably a configuration problem. In the settings of your video conferencing software, check that your hardware has been selected for use with the solution.

 

3. Is my video correct?

Once you are set up and your equipment is configured correctly, it is important to check the framing of your webcam before entering the videoconference.

For good video quality, the performance of computer-based webcams is sometimes insufficient. The best option is to invest in an external webcam with a high resolution.

4. Do my interlocutors hear me correctly?

Of course, after the image comes the sound! In video conferencing, it often happens that a speaker wants to speak but is not heard by anyone. To avoid this, don’t forget to check that you are not muted before joining the online meeting.

If you have a headset, be aware that the microphone is never placed just in front of the mouth but slightly above or below it. This avoids the often unpleasant murmurs of the video conference participants!

If you have an external microphone on your desk, make sure that it is not attached to your computer, as this can cause noise from the computer’s fan or when you type on the keyboard. It is also not advisable to place it near a potential source of interference such as a telephone.

Finally, if there is any unwanted noise or echo, keep in mind that the person generating it cannot hear it. To identify the source, it is therefore best to ask who is not hearing the noise.

 

5. Is my Internet connection good enough?

Video conferencing generally requires a high internet speed and a fibre connection. This is because video streams consume a lot of bandwidth: if your Internet connection is insufficient, you will experience high latency or interruptions in your online meeting.

Therefore, always favour a wired network, which has a continuous flow, over a Wi-Fi connection, which can easily be disrupted by interference and is also less secure.

Moreover, Tixeo offers the SVC on Demand technology: it takes into account the quality of the networks, the performance of your CPU and the size of your correspondent’s windows to ensure the stability of your videoconferences.

6. I will be discussing confidential matters during my online meeting: is my video conferencing software secure?

Be careful not to discuss certain confidential topics if you are not sure of the security level of your software.

Most video conferencing software exposes users to the risk of computer espionage. Although some claim to encrypt communications, this is usually simply Secure Real-time Transport Protocol (SRTP) link encryption. To put it plainly, this technology only encrypts the flows passing between the user and the communication server. It therefore leaves the possibility for hackers to access the decrypted data passing through the server.
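The difference between link encryption and end-to-end encryption described above, and in the earlier sections on end-to-end encryption, shown as an added example that is not code from Tixeo or from the original article: a hypothetical relay server is run in both models and records what it is able to read. The `Relay` class, the participant names, the sample frame and the HMAC-based stand-in cipher are assumptions made for illustration; SRTP and AES themselves are not implemented here.

```python
import hashlib
import hmac
import secrets

# Stand-in authenticated cipher built from HMAC-SHA256 so the example runs with the
# standard library only. It is NOT SRTP or AES; the point is where the keys live.
def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(12)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered data")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))

class Relay:
    """Hypothetical conference server that records everything it can read in clear."""

    def __init__(self, participants):
        # One link key per participant, shared between that participant and the server.
        self.link_keys = {name: secrets.token_bytes(32) for name in participants}
        self.readable = []  # plaintext that a compromise of the server would expose
        self.opaque = []    # blobs the server could only forward

    def forward_link_encrypted(self, sender, blob):
        """Link model: decrypt the sender's hop, re-encrypt for every other hop."""
        media = unseal(self.link_keys[sender], blob)
        self.readable.append(media)
        return {n: seal(k, media) for n, k in self.link_keys.items() if n != sender}

    def forward_end_to_end(self, sender, blob):
        """End-to-end model: the server holds no media key and can only route."""
        for key in self.link_keys.values():
            try:
                self.readable.append(unseal(key, blob))
            except ValueError:
                pass  # none of the server's keys opens the payload
        self.opaque.append(blob)
        return {n: blob for n in self.link_keys if n != sender}

FRAME = b"constructed sample frame: Q3 acquisition shortlist"

def run_link_model():
    relay = Relay(["alice", "bob"])
    out = relay.forward_link_encrypted("alice", seal(relay.link_keys["alice"], FRAME))
    received = unseal(relay.link_keys["bob"], out["bob"])
    return received, relay.readable

def run_end_to_end_model():
    relay = Relay(["alice", "bob"])
    media_key = secrets.token_bytes(32)  # assumed: agreed between participants only
    out = relay.forward_end_to_end("alice", seal(media_key, FRAME))
    received = unseal(media_key, out["bob"])
    return received, relay.readable, relay.opaque

if __name__ == "__main__":
    print("link model, server could read:", run_link_model()[1])
    print("end-to-end, server could read:", run_end_to_end_model()[1])
```

In both runs the recipient recovers the frame; only in the link model does the server's `readable` list contain it.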

Moreover, the security of a videoconference must be taken into account from the software design stage. Tixeo, a secure video conferencing solution and Secure by Design, has designed its architecture to allow true end-to-end encryption of communications, regardless of the number of participants in an online meeting. It allows encrypting all audio, video and data streams and avoids any risk of espionage.

Webcam, headset, microphone… Which equipment for efficient video conferences?

If teleworking or hybrid working has become part of your daily work life, it is essential to have the right equipment to interact easily during your video conferences.

Here is the essential equipment for your video conferences

A large screen and appropriate brightness

The computer, whether fixed or portable, should have a large enough screen to improve your visual comfort. When teleworking, it is often advisable to have two screens: your laptop screen, which can be carried around, and a fixed screen. This not only improves comfort and productivity, but also reduces eye strain, which occurs when working with a small screen.

Some computer screens also have a brightness that adapts to the ambient light, which is recommended to protect your vision. In addition, to protect the eyes, screen filters or blue light glasses are recommended for teleworkers.

A high-resolution webcam

This is one of the first pieces of equipment you should think about for video conferences. In order to be seen well by the other person, and thus recreate as much as possible the conditions of a face-to-face exchange, three characteristics must be taken into account.

  • Firstly, the webcam must have a minimum resolution of 720p, or even 1080p (full HD) or 4K for impeccable image quality.
  • In addition, some professional webcams offer interesting options such as adaptation to ambient lighting or the ability to keep a focus on the person, even when moving.
  • Finally, a high-resolution webcam can use a lot of bandwidth. For a teleworker with an average Internet connection, this can be disturbing. Some devices have the ability to automatically adapt the image resolution to the available connection, so that there are no interruptions.

A noise-cancelling microphone

Often, the computer’s microphone is not optimal for being heard. In this case, external microphones are needed.

There are various models available, such as USB microphones that can be placed on the desk, but headsets are probably the most practical for remote work. They can be taken anywhere and, above all, they generally have noise reduction capability. This is an interesting feature, especially for teleworkers in coworking spaces. The headset also allows you to feel more isolated during a conversation.

A headset with good battery life

If you choose a headset for your video conferences, you should consider the ergonomics of the model so that it is as comfortable as possible. In fact, when teleworking, the headset is worn for many hours and should not cause head or ear pain. We recommend models with a battery life of up to 18 hours of conversation and up to 20 hours of listening.

Speakers for quality sound

If you’re not a headset fan, speakers are still essential for better sound quality than your computer’s built-in speakers. They also allow you to set the volume higher than the computer’s speakers, which are often insufficient during online meetings.

What if you equipped your meeting rooms for video conferencing?

Have your company’s employees switched to hybrid mode? The meeting rooms on your premises must be equipped so that your teams, whether face-to-face or remote, can exchange information via video conferencing.

VideoTouch compact: secure and efficient hardware for your online meetings

Tixeo offers the VideoTouch compact with TixeoRoom. This secure video conferencing kit offers the necessary equipment for an optimal video and audio quality.

The offer is suitable for medium-sized meeting rooms.

The VideoTouch compact is suitable for meeting rooms with up to 10 people and includes a high-resolution touchscreen console with integrated audio system and a full HD (1080p) PTZ motorised camera.

For meeting rooms with more people (10 to 15), the VideoTouch compact group also offers a high-resolution touchscreen console and a Full HD (1080p) PTZ camera. It also features a speakerphone (microphone speaker) with advanced noise suppression and echo cancellation.

The “Multi screen touch control” feature of the kit’s touchscreen console makes it easy to manage multiple screens during a presentation. The result is a smoother presentation during online meetings.

Video conferencing: do you (really) know how your personal data is processed?

The explosion of teleworking and hybrid working has led to the widespread use of video conferencing solutions in organisations. These tools involve the processing of a multitude of personal data about your company’s employees.

Protect your employees and your business

Deploying a videoconferencing solution within your organisation involves processing the personal data of all your employees. This data is of various kinds and includes information about your employees but also about your activity.

Thus, depending on the request, surnames, first names, user IDs and passwords are personal data that can be collected, as are the titles of meetings, their dates or the list of participants.

In most organisations, especially those in sensitive sectors, this data must remain strictly confidential. It is therefore imperative to have a clear view on how personal data is handled.

5 essential questions to ask yourself

1/ Who processes my data?

The data controller determines the purposes and means of processing personal data. The personal data processor processes personal data on behalf of the data controller.

Depending on the use of its services, TIXEO is either a data controller or a data processor on behalf of its Cloud customers.

2/ Why is it used?

These are the purposes set by the controller that justify the use of personal data.

For example, Tixeo processes personal data during a videoconference meeting to generate a meeting history, which is necessary for its client, and to make it possible to find the participants who attended a meeting.

3/ Where is it hosted?

This is a key issue as the hosting of personal data is a key factor in determining the level of protection.

Indeed, within the European Union, the GDPR excludes any possibility of hosting personal data abroad or transferring data to a third country, without a contractual agreement in advance.

Outside the European Union, regulations are much more flexible. In the US, the Cloud Act, a series of extraterritorial laws, allows authorities to force publishers located in the US to provide electronic communication data, whether stored on US or foreign servers.

Tixeo hosts all its data in France, with OVH, a French company and European leader in the cloud.

4/ How long is it kept?

Processed data may be kept for a limited period of time. This must be clearly specified.

5/ What personal data protection measures are implemented?

The GDPR compliance of a videoconferencing solution is a first guarantee of security.

Tixeo goes further by taking a number of precautions to maximise data security. These include the encryption of the hard disks of the workstations of staff handling personal data and the verification of subcontractors’ compliance with Article 28 of the GDPR.

Indeed, security is part of Tixeo’s DNA: its European video conferencing solution is the most secure on the market and is certified and qualified by the ANSSI.

Discover how Tixeo handles your personal data

In its GDPR guide, Tixeo explains in full transparency its personal data protection policy.

In one click, select your user profile and discover all the information about how Tixeo, a 100% GDPR compliant video conferencing solution, handles your personal data.
