In a context where cyber attacks are on the rise against organisations that are increasingly reliant on hybrid work and remote meetings, organisations need to pay particular attention to the security of their videoconferences. *End-to-end encryption, the location of the servers, the user-authentication system… All these criteria should be taken into account when choosing the right videoconferencing application for you. The stakes are high. Software publishers are competing for a growing market expected to be worth $20 billion by 2024.
Which are the most secure technologies on the market? What are some useful tips to ensure the confidentiality of your online meetings? An overview.
Four tips to ensure the confidentiality of your online meetings
The first tip is to avoid using proprietary applications whenever possible. Remember that proprietary applications are computer programs with a defined author who refuses to allow free access to the source code. This prohibits outsiders from viewing, editing, and distributing the code (e.g., Zoom, Google Meet). The problem with closed-source software is that its publishers are often less willing to quickly disseminate the necessary security patches, preferring instead to bundle corrections of security flaws and release them as a new version of the application. Furthermore, such publishers put little stock in the concept of transparency.
The alternative is called “open-source”, which is free-to-access software that relies on a community of programmers. Open-source software allows many people, including computer security experts, to have access to the source code in order to exploit flaws in the programming and, in so doing, identify vulnerabilities. As a result, those security shortfalls are detected and corrected more quickly and transparently in open-source software than in proprietary software.
Another tip is that it is essential to download your application from an official website. It may seem obvious, but some websites may look professional and official but can lead you to download a computer virus hidden within real videoconferencing software.
Regarding the password for logging into the software or joining a videoconference, the best practice is to use a strong password, i.e., one that includes special characters and is changed regularly. Remember to use a password that does not contain any user, family, or company names.
One last tip concerns the evaluation of the authentication system. In addition to the password, advanced software usually has a secondary way to authenticate the user’s identity, i.e., a text message sent to the user’s phone containing a one-time confirmation code. Other software applications also allow identification via hardware on the user’s device, such as a touch pad for fingerprint scanning or a camera for facial recognition.
The most secure videoconferencing applications
There are lots of videoconferencing applications available on the market. In addition to the most popular ones (Teams, Google Meet, etc.), the location of the servers, access to the source code, and the level of data encryption must be taken into consideration when evaluating them from a security perspective. Here are three applications that stood out to us from the interministerial reference base of free software recommended by the French State:
Tixeo is a French company that guarantees a high level of confidentiality. The Tixeo videoconferencing application has the security endorsement of the French National Cybersecurity Agency (ANSSI), which helps companies identify the most reliably secure software. Tixeo provides end-to-end encryption (a system in which only the parties communicating with each other can read the messages sent back and forth between them) that is not subject to foreign regulations, which ensures total data sovereignty. Remember that if you use American software, your data is subject to the Cloud Act; a United States federal law granting American intelligence agencies access to the data hosted by American companies, regardless of the location of the owner of the data.
Jitsi is a free application, the user can access and modify its code (open source). It was chosen by the French Interministerial Digital Directorate as the “webconference” system of choice for State employees. The French State hosts the software on its own servers to ensure the confidentiality of the information exchanged there, but Jitsi cannot be used for information with the “Restricted Circulation” classification.
BigBluebutton is under an open-source license, its source code is available on Github. That means you can host the application on your own server and ensure the confidentiality of your videoconferences. As you can see, there are many software options available to improve the security of videoconferences. Choosing a videoconferencing application should not be done solely on the basis of price, recording features, or the user experience (UX). To determine which is the best option over the long term, it is imperative to consider and assess the degree of data protection, the location of the servers, whether the software is open source or not, and whether it has a multi-step user-authentication system.