The Role of End-to-End Encryption in Securing Virtual Meetings

By Aaron Smith

Criminals will eventually find vulnerabilities and exploit them. Unsecure virtual meetings are no exception

Companies conduct hundreds of thousands of virtual meetings every day. Many of these meetings include the exchanging of sensitive information that could damage the company if it fell into the wrong hands. Cybercriminals are aware of this and will do everything in their power to access it. Luckily, video conferencing providers are fighting back by equipping their software with end-to-end encryption

Here’s how it works.

From Sender to Receiver Without Interruption

Before discussing end-to-end encryption (E2EE), it’s first important to understand the idea of encryption in cybersecurity.

Encryption is an algorithm that scrambles data. To ensure only authorized individuals are able to read it, the sender and designated recipients of the data agree to a key that decodes the data. If encryption didn’t exist, cyberthieves could easily steal data from sources such as public WiFi networks.

E2EE adds an additional layer of security. Unlike encryption in transit, in which an intermediary—namely, an internet service provider—has access to unencrypted data after it’s sent from sender to recipient, E2EE keeps data scrambled from the moment it’s sent from a sender until the recipient has it in hand. So, when you turn on your Google Meet video conferencing hardware and start your meeting, you can feel confident only invited guests will have access to the data that is being exchanged.

To enable this level of security, two codes are embedded in the data: One that encrypts the data and another that decodes it. It significantly reduces the chances of valuable data ending up in the wrong hands.

E2EE covers a range of data shared during virtual meetings, including:

  • Audio
  • Video
  • Shared screens

Most virtual meeting providers offer limited functionality when users opt to turn on E2EE. Microsoft Teams, for example, blocks the use of features such as live captions, transcription, and recording.

As more video conferencing providers add E2EE to their software, users are enjoying a number of benefits. Here are a few noteworthy ones.

Source: https://pixabay.com/photos/student-typing-keyboard-text-woman-849822/

1.   Provides Increased Security

Over the last decade, cybercrimes have become increasingly common. Since 2017, the number of cybercrime complaints has risen by 191 percent. In response, companies are investing millions in bolstering their cybersecurity teams.

Until recently, virtual meetings were a vulnerability. In the midst of the Covid-19 pandemic, stories of unauthorized individuals joining meetings in which confidential information was shared were common.

Virtual meeting software providers have since implemented a range of security features to prevent these types of incidents from occurring. Many of them position their E2EE functionality as an additional layer of security users can turn on for meetings in which they plan to share confidential meetings.

This feature has proven to be especially valuable for government agencies and defense contractors since the information shared among employees of these organizations can have national security implications.

2.   Builds Trust Between a Company and its Clients

Privileged information is often shared between vendors and their clients during meetings. Leaks of this information can have major consequences.

Even news of minor financial distress can put a company’s competitive position in jeopardy. Publicly-traded companies, in particular, are at risk of information falling into the wrong hands and tanking their stock prices.

Companies can offer their clients peace of mind by taking the extra step of safeguarding their meetings with E2EE. Taking this extra step to prevent data breaches and the interception of communications by third parties signals to customers that their vendors are doing their due diligence to protect their company’s sensitive information.

3.   Ensures Compliance with Data Privacy Regulations

Before signing any contract, a company’s IT team typically asks vendors to provide documentation of their cybersecurity measures. In some cases, incomplete or inaccurate responses can doom a partnership between two organizations before it even begins.

E2EE ensures a company’s video conferencing software complies with many of the major data privacy regulations, including HIPAA and PCI-DSS. And, if your company has clients overseas, it’s even more important.

In 2018, the European Union created the General Data Protection Regulation (GDPR), which attempts to create standard sets of data privacy rules across EU member states. Any company that handles the data of EU citizens—even those that aren’t based in EU member states—must comply with GDPR. Companies that fail to do so face substantial penalties from the EU.

Cybersecurity experts say E2EE aligns with the GDPR’s focus on putting in place technical security measures to protect the privacy of EU citizens.

4. Can Be Used for Any Type of Virtual Meeting

Whether a virtual meeting involves two or 200 employees, there’s a high likelihood valuable information is being shared.

Even casual conversations between two colleagues can include secrets the company wouldn’t want the public to learn. Fortunately, the E2EE functionality offered by virtual meeting providers is highly flexible. Users can turn on E2EE for a one-on-one call with a coworker. And, for staff meetings, the host can deploy E2EE to prevent any information shared from leaking out.

Business leaders can feel confident in knowing every member of their staff has the tools to protect company secrets available at their fingertips.

5.   Prevents the Manipulation of Data

Cybertheft isn’t the only type of crime cybercriminals are liable to commit.

In recent years, some hackers have managed to intercept unencrypted data. Rather than using it for blackmail or selling it to the company’s competitor, some actually seek to sabotage the business. This often takes the form of the hacker modifying the data or simply preventing the communications from reaching its recipients. All of this can be very costly for a business.

Encryption prevents data manipulation by preventing unauthorized parties who lack keys from accessing company data. It’s a simple way for companies to promote data integrity.

Unlock the Power of E2EE at Your Company

Perhaps the best part of E2EE is that anyone can use it. Most of the major virtual meeting providers allow both free and paid users to turn on E2EE. Take the extra step of turning it on during your next meeting—you’ll be glad you did!

0

About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com

Add a Comment


This site uses Akismet to reduce spam. Learn how your comment data is processed.