A rapid shift to remote work, accelerated by COVID-19, meant that video conferencing exploded into our work and home lives. As a result the way we work and communicate has been transformed forever.
Even as many of us prepare to move back to our offices in 2021 – video conferencing has certainly allowed us much greater flexibility when it comes to work, increases in productivity and huge cost savings in terms of travel and so it’s unlikely to be going anywhere soon.
However, corresponding with an increase in video conferencing has been an increased scale and sophistication of cyber attacks and breaches. Whilst technological risks play a large factor in many of these cyber attacks so does human error. Human error is estimated to account for between 40%-90% of all cyber security incidents.
The Categories of Human Risk
These incidents can be further broken down into three categories:
1. Exploitation: humans exploiting other humans using technology for personal gain which has taken on a new form with the context of video conferencing.
2. Education: or a lack of education, that leads to humans not being able to identify or respond to targeted attacks, making them susceptible, as well as understanding how to configure online meetings.
3. Identification: knowing specifically who we are dealing with when meeting online and ensuring that the right meetings are filled with the right people.
Human Risk and Phishing
A recent example of a significant breach was an email-based phishing attack cost a Sydney based financial services firm for more than $8 million. A group of senior staff members inside the organisation clicked a Zoom meeting link which they believed to be genuine. This started a chain of events that went undetected, leading to a huge volume of fraudulent invoices being approved.
These employees thought they were doing the right thing: the organisation likely used Zoom every day and were used to simply clicking a link. However workflow processes like these introduced increased risk for human error. Consider when extra pressure is introduced, like being late to a conference, complacency can lead to users not adequately checking for malicious links and can result in serious consequences.
Larger enterprises are not immune to this – ANZ was hit with the exact same attack and an $800,000 withdrawal to an attacker was approved.
Look below to see two examples of conference meeting links- can you tell which one is real?
Visually, the first image matches a real Zoom link but behind it lies a page that will trigger a ransomware attack. The image is genuine, but a skeptical view might find the long and complicated format suspicious.
Reliance on email and automated calendar invites for video conferencing management creates a serious exposure due to being highly exploitable. This means that educating employees is critical knowing that they will be encountering meeting links constantly, from many different parties throughout their workday.
The Questions You Need to Be Asking Yourself
A video conference link could easily be fake or intercepted – inspect what is behind the link before hitting enter on your keyboard or clicking that mouse, if you aren’t sure, don’t click it at all.
When you set up a conference your invites could be forwarded with no way of you knowing where they've gone. We’ve all been forwarded an invite, and while this can be convenient, there’s no way of the host knowing how many people and who these links have been sent to. It’s just like showing up to a party uninvited, and nobody wants to be that person.
Lastly, if you’re password protecting a meeting, how are you sharing the password? If it’s in the same email that you send the meeting ID or link, then it is almost useless. Some apps include the password in the meeting link itself! You don’t need to be a security expert to see the security risks this could present.
How to Minimise Human Error Before a Video Meeting
Determine the sensitivity of your meeting content:
The security of your video conferencing platform should align with the sensitivity of the content being discussed.
Confirm the legitimacy of your meeting:
Is there any reason to believe the meeting link or invitation you received for this meeting may be illegitimate?
Ensure your video conferencing software is up to date:
Hackers often exploit security vulnerabilities in old software to breach your cyber defences. It is best practice to keep your software up-to-date or use a web-based platform like Dekko that does not require software updates.
How to Minimise Human Error During a Video Meeting
Be aware of who is entering your meeting:
Identify members of your meeting to ensure only the authorised participants are in the meeting. Participants who leave their video turned off may present a security risk as it becomes difficult to identify them as an authorised participant.
Be conscious of the information you share:
In a video meeting with many participants and especially ones where participants have their camera turned off, it can be easy to forget who exactly is listening to the meeting content. Be conscious of who is in the meeting so you can ensure all participants are cleared to listen to the meeting content.
Be cautious when screen sharing:
Ensure you don’t have any compromising or confidential applications or tabs open before you begin screen sharing.
Know whether or not the meeting is being recorded.
How to Minimise Human Error After a Meeting
Make sure the call has ended:
It may seem obvious but it can be easy to get yourself in a compromising situation by leaving a video call running when you think it's over.
How Does DekkoLynx Solve for Human Error in Video Conferencing
DekkoSecure has remained committed to applying the mistake-proofing principles of poka-yoke to our technologies. With features like no accidental misaddressing, we solve not just for technology risk but also the everpresent human risk.
Poka-Yoke is a Japanese phrase that describes the process of mistake-proofing a process or removing the possibility for human error. The phrase was first coined by engineers at Toyota's factories, a brand famed for its reputation of quality and reliability. However the principles of poka-yoke extent far beyond that of car production lines.
The DekkoLynx authorisation process ensures that only authorised participants are able to enter your meetings, ensuring that you don’t accidentally share sensitive content with unauthorised participants. We also don’t allow users to enter a meeting directly from an email or URL link, ensuring that meeting links cannot be passed onto unauthorised participants.
DekkoLynx also enables users to store their meeting recordings end-to-end encrypted in the cloud. Meaning that your recording stays completely secure and enables you to share it with other users through secure, encrypted channels.
For more information on DekkoLynx secure video conferencing or to start a free account, visit our website today: www.dekkosecure.com/videoconferencing