For a few years now, video calls have been more common than ever, and they can be a great tool in the work environment. In Spain, platforms such as Zoom, Google Meet or Skype became quite popular during confinement . This is a dynamic that more and more companies have adopted in recent years, and it is not always done correctly.
These types of communications can pose a high risk to the security of your own or the company’s data. Several cases have already come to light in which, after videoconferences in which a screen has been shared to make a presentation, confidential data has been leaked that has caused great harm to the company in question.
Possible risks
Users are not fully aware of the amount of information we may be exposing to prying eyes. If meetings are not configured correctly, creating a private room that requires authentication to access, it may be open to anyone entering. Additionally, video conferencing platforms may be exposed to certain security issues. At the beginning of the pandemic there were certain problems with some, such as Zoom, which was quick to correct these failures .
The disclosure of confidential secrets, says Nieva, is another of the great dangers of video calls. In this case, the fault does not lie purely with the medium through which the communication takes place, but is often due to human error . Several cases have already come to light in which, due to carelessness, an employee, by minimizing a window, has revealed private documents.
Artificial intelligence used for harmful purposes can also be the object of the problem, since it has already been seen on several occasions how some cybercriminals have impersonated a person’s identity using this method. As Nieva explains, “it is relatively easy to impersonate a person using this method, so you have to be careful on occasions when the caller demands to perform some actions. If there is no protocol, you can fall into scams such as the CEO scam.”
This basically consists of impersonating an important person within a company to deceive workers who have access to the company’s financial resources into diverting money, and it can cause great damage to the accounts. Recently, a pioneering ruling forced a Portuguese entity to return the amount defrauded using this method.
How to prevent failures
Many times leaks occur due to errors caused by mere ignorance, since “some people think that if they show something over a video call it does not leave a trace, but that is not the case, whoever is on the other end may have been recording the screen. We have to think that “If the person we are showing that information to is not reliable, they can keep a copy, even though we do not give them access to the copy, nor can they record the call from the application.” Here, everything depends on the degree of confidentiality of the document and the reliability offered by the interlocutor. Therefore, if the other person does not offer enough guarantees, the best thing will always be to meet face to face.
He states that “when you are making a video call with people who are not from your own organization, if you do not want to reveal confidential data due to an error of this type, it is best to close all applications, except those that are necessary.” There are some applications that allow you to share a single window instead of the entire desktop, which a priori can be a good method to hide information, but it also entails a greater risk, since the window preview is smaller and there is also the possibility of a mistake, therefore, we insist on the recommendation of closing everything that you do not want to show.
The Technical Director of CheckPoint also reaffirms that there must be an action protocol in companies that allow suspicious behavior to be detected, as well as not revealing information or not carrying out operations if there are not sufficient guarantees , for example, “that changes of suppliers or transfers can only be carried out with the supervision of two people, ensuring greater authentication”. Training employees in security matters is very important to prevent this from happening.
Also “you have to be careful choosing the platform on which video calls are made”, since not all of them offer security guarantees. Along these lines, Nieva mentions the importance of not always using a single virtual room to have meetings, but rather creating one each time, with a different password and inviting only the people you want to participate. Finally, he points out that the classification of information by the company is very important to prevent certain documents intended for suppliers, clients and employees from mixing with each other.
