The Ultimate Guide to Secure Video Conferencing

Phil Henken
Phil Henken
Updated June 16 2021
Hybrid conferencing
Phil Henken
Phil Henken
Updated June 16 2021

The idea of video communication is not exactly new; telephone inventor Alexander Graham Bell speculated back in the 1800s that one day callers might also be able to see one another. It was a staple of 20th Century science fiction (How can we tell it is THE FUTURE? Flying cars and two-way video calls!). However, the need for secure video conferencing was less easy to predict.


Over the course of the 1990s to 2000s, video over the internet evolved from an impressive technical feat/nearly impossible to accomplish on ordinary consumer hardware into something that could be widely accessed and afforded. Around 2010, everyday apps for video calls were hitting computers and smartphones alike, starting a new communication paradigm. By 2020, most of us were at least familiar with the idea of video calls and conferencing (new generations are even growing up with it as a given). When knowledge work makes it more possible for workforces to be physically dispersed between buildings, cities, and even continents, video conferencing has become a way for teams and individuals to make a connection despite real-world separation.


You might say we saw video conferencing technology coming. What we didn’t see coming was a pandemic causing shutdowns, quarantines, and a major rethinking (as a society) of how we do “work.”


When the show had to go on during the 2020 lockdowns, everyone in the workforce who could go to remote work did—and found out about the utility of video conferencing in depth. Video conferencing went from being bells-and-whistles that augmented traditional office work to “how everyone is doing business.”


People seeking unauthorized access to companies, organizations, or individuals’ video chats can run a spectrum from merely obnoxious or disruptive to actively malicious. While trying to assign motives to intruders on digital networks and communication can get abstract, the threat is concrete. Video conferencing will remain a crucial tool for businesses and organizations through the foreseeable future, so this guide will help keep your streams, organization, and participants safe while embracing the latest in video meeting technology.


Jump to:


Secure video conferencing


What is secure video conferencing and who needs it?

Secure video conferencing can be both a type of product and a way of handling business (business being literal or figurative) when relying on video calling and conferencing technology. First and foremost, secure video conferencing should be a part of the “best practices” you follow to promote online security (some people like to call it security hygiene or cyber hygiene) in your business or organization. Think of it as a physical worksite—safety first.


Secure video conferencing makes sure your users, data, meetings, and network are not exposed to security breaches ranging anywhere from annoying and embarrassing meeting-crashers to sophisticated malicious hacking attacks intended for eavesdropping and causing harm.


And who needs it? Anyone who’s going to rely on video conferencing for a business or organizational meeting and communication tool, which as of right now is “virtually everyone.” As we mentioned above, during the pandemic video conferencing was proven as a mass technology and viable way to work, not to mention that the tech was introduced to a lot of unfamiliar workers via WFH. The use of video conferencing is only poised to grow.


Secure Video Conferencing


How to ensure video conferencing security in 7 steps

1. Make sure your current video conferencing solution is secure

First off, evaluate the system you’re using now. If it is several years old and not a platform with technology that’s being regularly updated (legacy software, etc.) you could be exposing your organization, clients, and colleagues. Not to mention the risk to your reputation that can result from becoming the company that had the conference-related security breach.


Of course, some of this depends on the scale of your needs; if it’s only you and two geographically distant friends plotting a start-up, go ahead and use the consumer video-calling app and just make strong passwords.  But if you’re operating at mid-to enterprise-level, it’s definitely worthwhile to take your software services AND security more seriously. Use a platform that prioritizes privacy and security. Assess the software or platform you use, the way participants, moderators, and users in general log in, the quality of encryption on rooms and data, and how data is managed. If anything about what you’re using is behind the curve you should think about moving to a newer, better product.


Need some advice on high-quality video conferencing systems? Go ahead and skip down to the final main section, below.


2. Strong passwords and single sign-in credentials

Plenty of guides can easily be found online for creating strong login passwords. But in addition to what individuals can do, there are other best practices businesses and organizations can follow to ensure secure video conferencing. Good quality conferencing software and hardware use at minimum 128-bit Advanced Encryption Standard (AES) security to encrypt video calls. Encryption keys are automatically generated at the beginning of a session, making the encrypted data near impossible to crack.


Another safety measure organizations can employ is single sign-on, or SSO, which ties all of a user’s authentication to one set of credentials and permissions. This is great for IT departments to manage and track access to audio and video conferencing and simplifies things for users as they only have one set of credentials to be concerned with. In the event of a security breach SSO makes it easy for IT to determine if a user’s credentials or a company’s systems were compromised and how, log activity, and lock things down so no further damage occurs.


3. Check that your conference provider takes a domain-based approach

Domain-based security is a model that evaluates your organization and its’ processes into “domains of confidentiality levels” to enforce controls on sharing information. What that means to you practically is that users can collaborate in a secure and controlled environment; the provider is designing its product with the safety of your users and organization in mind. Additionally, the system administrator is able to use different levels of user permissions to control access to system and network resources, making sure the right people have access to the right places.


4. Use waiting rooms

This is kind of a “no-brainer”, but just in case… Always use your software’s waiting room feature and make sure the people logging into your conference are all supposed to be there. For those unfamiliar, the waiting room is a virtual space where people logging in are temporarily held. It also shows moderators and admins a list of participants, allowing them to be let in by permission. If the software you’re currently using doesn’t offer this functionality, refer back to Step 1 above and consider getting new software.


5. Keep your links secure

By 2021, all web users should be on notice that links can be misused either for harmful purposes or otherwise exploited to give someone entry to a place they shouldn’t be.


When you receive links yourself, always check them. You want to be sure the link was sent through a known and trusted source and doesn’t have any suspicious text or extensions: unusually long links, links that seem to come from an incorrect domain, links ending in “.exe” are all things to be careful of. When in doubt, don’t click.


Always use your secure video conferencing software’s invite functions! Also, turn on the notifications so you know if someone you didn’t invite tries to join the meeting. Sharing conference links through other means outside the conferencing platform (email, messaging) just creates another opportunity for malicious actors to find a way into your video conference. And don’t put conference links on social media unless you intend for them to be completely public. Just don’t do it.


Last but not least, stay alert. Any suspicious activity should be reported to your IT security team, and you also might want to check in with your platform provider and give them a tip about any potential security problems.


6. Update your secure video conferencing software

Again, it’s a no-brainer, but we’ll put it out there. ALWAYS use the latest versions of software—most major security breaches end up being from known vulnerabilities that companies failed to download a fix for, expired certificates, and other totally avoidable calamities. Use an up-to-date platform, and make sure you are always running updates and patches as soon as possible.


7. Have a security policy for video conferencing

Aside from failing to update software and servers, this is the other major place where businesses and organizations can drop the ball and make themselves vulnerable.


Create a clear policy as far as guidelines and best practices, boundaries, and expectations for both your technical staff and non-technical users. Make sure it protects the organization, its employees, and users, and have HR and IT both collaborate on it if necessary.


Since more people than ever are working from home you’ll definitely want to lay things out clearly as well as be specific about who can and can’t connect to your secure video conferencing platform. Specify platform-specific security settings and have a policy about who other than employees (vendors, clients, customers, etc.) might be able to connect to the conferencing service.


Finally, make sure your employees are up to speed on the policy and receive hands-on training setting up and hosting a secure video conference—ideally, keep training sessions going on a regular basis to get new people on board and cover any updates or changes to the system. Having trained employees and establishing a common-sense security culture within your business or organization prevents “people” from becoming your largest security vulnerability.


Secure Video Conferencing 


Top 4 secure video conferencing platforms in 2021

Our breakdown is geared toward organizations who are likely to need a significant platform to handle their volume of employees and video conferencing, up to enterprise-level solutions. At the end of the day, you are the one best qualified to evaluate the size and scope of your own secure video conferencing needs, but definitely take this as a strong recommendation:


1.   Kaltura

Kaltura Meetings is among the industry leaders in secure video conferencing for the modern workplace. Kaltura meetings, with its SSO support, can be easily integrated into existing enterprise tools and give team members the ability to interact with a click, from anywhere and on any device. Click through the link for a deeper dive into our platform features.


As far as security, a range of authentication and authorization options are available on our platform, including (as mentioned) SSO. The Kaltura SaaS platform supports two-factor authentication and encrypts data at rest with AES-256 encryption. Our platform is deployed in AWS Virtual Private Cloud, Amazon’s worldwide cloud computing resources, with VPC security provided by AWS security groups, acting as a virtual firewall on every Kaltura instance and controlling inbound and outbound traffic. Kaltura’s platform additionally offers robust storage and hosting services operating from state-of-the-art data centers with high levels of stability, redundancy, and security.


Start Your Kaltura Meetings Free Trial, Today!


2.   Microsoft Teams

Microsoft Teams is a strong contender for businesses and schools that are already running on a Business or Enterprise version of Microsoft 365. Fun fact, Teams is a successor to Skype for Business and isn’t so much its own platform as a feature of Microsoft 365. In an integrated Microsoft environment, Teams has a powerful toolset for management, security, and compliance, and supports one-on-one and group video and audio calls up to 300 participants on its free tier (more for subscription plans) as well as shared files, screen sharing, and Office web apps for document collaboration.


The caveat is in part the learning curve and user experience: if your organization isn’t already fully on board with the Microsoft way of working, Teams’ feature set has been described as “baffling.”


3.   Cisco Webex

Since this guide is focusing on solutions for midsize and larger organizations, we’d be remiss not to mention proven industry workhorse Webex. This venerable conferencing software brand was founded in 1995 and acquired and updated by Cisco in 2007. And they’ve used that time fairly wisely, providing services from a full-featured free conferencing plan (limited to 3 users) all the way up to Enterprise plans.


It’s a solid choice; think of it as the “sensible shoes” solution to video conferencing. As far as drawbacks, it’s mainly that subscription-level services can get somewhat pricey.


4.   GoToMeeting

Another long-running piece of remote software with a solid track record. If you’ve been in the virtual conferencing game for a while, you may have already heard of it or used it. GoToMeeting got a major update in late 2019 and was kitted out with a bunch of new features, what’s been called by the developer a “completely reimagined product.” It’s now usable in a web browser with no download, as well as via desktop and mobile apps. The “reimagined” user experience is said to be consistent across platforms and integrates well with other business productivity apps. However, beyond a trial period, any free tier has been eliminated so paid plans are mandatory; make sure it has all of the features you want before getting locked in.


Want to take your online meetings seriously with secure video conferencing?

Learn More