CIS Videoconferencing Security Guide

Videoconferencing is a great way to connect with co-workers and peers, especially when in-person meetings aren’t possible or feasible. Videoconferencing eliminates the extra expenses it would take to meet in person, such as travel, and saves on time when it comes to planning a meeting.

With recent events, videoconferencing has become an even more important business tool, since in-person meetings have been discouraged. Unfortunately, this growth has also made it a target for a series of new attacks such as Meeting Bombing, Malicious Links In a Chat, and Stolen Meeting Links to name a few.

This Videoconferencing Security Guide’s goal is to provide overall security guidance to mitigate these types of attacks, and be applicable to a wide variety of videoconferencing systems and their users. In addition, it will give some more specific guidance for a few systems in common use. This guide is roughly organized based on the CIS Controls Implementation Group 1 (IG1) security controls for basic cyber hygiene, which is a great starting point for any security effort. It is bolstered by experience and feedback from the CIS Benchmarks, which provide detailed technical security configuration guidance for a variety of technologies, including some videoconferencing technologies.