Checklist for secure video conferences

Wiretapping scandals only in Hollywood? No! They are also a reality in real life for politicians, companies and state authorities. But it's not just phone calls that are tapped - video conferences have also become popular targets. While strict security precautions are standard for the exchange of confidential emails and documents, there is often a lack of awareness of this when it comes to video conferences. However, they are becoming more and more common in everyday working life and are also used to exchange sensitive company data or personal content.

Do you talk with your team about confidential topics in video conferences, but don't want unauthorised third parties to listen in? Use our checklist for secure video conferencing to block out uninvited listeners.

Content of the article
• What are the security risks of video conferences?
• Checklist: Mastering secure video conferences
• Conclusion: Clear requirements, clear rules

What are the security risks of video conferences?

Online meetings pose a variety of risks. The most common include:

Public networks
Dialling into a video call via the WLAN in a hotel, café or on the train? A bad idea! Publicly accessible networks are unsuitable for secure video conferencing. They are unsecured and make it easy for hackers to tap into data - and this doesn't just apply to video conferencing. Instead, use your company's secure network or set up a secure VPN connection.

Providers are subject to the Cloud Act
As unlikely as it may sound, the headquarters of a video conferencing provider can also harbour a security risk. Companies based in the USA are subject to the so-called Cloud Act (Clarifying Lawful Overseas Use of Data Act). US authorities can oblige companies (and therefore also operators of data centres) to hand over personal and company-related data. This also applies to subsidiaries of US companies based in Germany, for example. Well-known providers of video conference tools such as Microsoft Teams, Zoom, Skype (part of Microsoft) and Jitsi Meet are subject to the Cloud Act.

Unauthorised listeners / participants
If inadequate security precautions are taken, unauthorised persons may gain access to the meeting room. They can eavesdrop on the meeting and its content and collect data. Furthermore, they are not always interested in the content itself. Confidential information about the participants, such as names or email addresses, can also be relevant. The chat function can also be of interest to them, e.g. for sharing malicious links.

Checklist: Mastering secure video conferences

Two factors are crucial for secure video conferencing: the tool itself and the person using it. To ensure that neither the tool nor the person becomes a security risk, we have created a checklist with relevant checkpoints. This makes it easy for you to tick off completed points.

Factor Tool

When selecting the tool, make sure that conferences are protected against unwanted participants and data tapping. Pay attention to this:

• GDPR compliance: Only use tools that comply with the General Data Protection Regulation (GDPR). If possible, use European tools such as Stackfield with company headquarters in Germany so that no control can be exercised from other EU countries, e.g. through the Cloud Act.
• Certificates: Certificates provide you with a good guide to a provider's security measures. Pay particular attention to the ISO certifications 27001, 27017 and 27018.
As a German provider, Stackfield naturally fulfils the legal requirements of the GDPR. In addition, Stackfield places the highest security requirements on itself - as confirmed by ISO certifications 27001, 27017 and 27018. As the company is based in Germany, the Cloud Act does not apply either.
• Two-factor authentication: You can achieve a further level of security with tools that have two-factor authentication. Participants must enter an access code or biometric verification in addition to the meeting ID or their login information. On Stackfield, two-factor authentication can optionally be set when logging in. A time-limited single-use code from an authentication app is then required as the second factor.
• Regular updates: The video conferencing software should have regular updates and thus be protected against malware and the like.
• Storage of data: Find out how and where providers process and store your data.
• Hosting options: When selecting a tool, be sure to check the IT requirements. For example, your company / authority may only allow on-premise tools and not cloud-based tools.

Human factor

Secure video conferences need clear rules for all participants. Communicate the following guidelines in advance, for example:

• Only participate in a private environment (not in an open-plan office)
• Make the background unrecognisable, e.g. with a blur effect
• When screen sharing, make sure that no sensitive information is visible
• As moderator, check the list of participants before and during a meeting
• Never pass on the link, meeting ID and access code
• No audio and video recordings
• No participation from public network
• Mute microphone
• Use headphones
• Leave the meeting after the end (not all software ends the video conference automatically)

Conclusion: Clear requirements, clear rules

Whether certificates, two-factor authentication or updates - when selecting a video conferencing tool, you basically determine how secure your video conferences will ultimately be. So define clear requirements for a video conferencing tool and choose according to these criteria. A particularly secure collaboration tool such as Stackfield enables you and your team to create a secure basis for online meetings without having to compromise on the range of functions, for example.

If you have found a secure tool, you as the meeting host and the participants are under obligation. Agree clear procedures for preparing online meetings and clear rules for the participants. If everyone adheres to these, nothing stands in the way of a secure video conference!