CONNECT WITH US
www.cisa.gov
For more information,
Linkedin.com/company/cybersecurity-
and-infrastructure-security-agency
@CISAgov | @cyber | @uscert_gov
For more information, please visit cisa.gov/telework
GUIDANCE FOR SECURING VIDEO CONFERENCING
This product is for organizations and individual users leveraging videoconferencing tools, some of whom are remotely working for
the first time.
As the authority for securing telework, the Cybersecurity and Infrastructure Security Agency (CISA) established this product line
with cybersecurity principles and practices that individuals and organizations can follow to video conference more securely.
Although CISA is providing this general risk advisory guidance, individuals and organizations are responsible for their own risk
assessments of specific systems and software. For optimum risk mitigation, organizations should implement measures at both
the organizational and user levels.
BACKGROUND
➢ The Federal Government, state and local
governments, the private sector, and general
public have pivoted to widescale remote
work and online collaboration.
➢ Video conferencing has emerged as a
pervasive tool for business continuity and
sustained social connection. Although
increased telework and online collaboration
tools provide necessary capabilities, video
conferencing has increased the attack
surface exploited by malicious actors.
➢ Once niche products, many of these tools
were meant for a subset of the business
community and were not scaled for crisis-
driven ubiquity. Entire industries, sectors,
and stakeholder sets are now profoundly
dependent on online tools—simultaneously.
➢ Amid the unanticipated exponential growth
and unprecedented popularity of these
platforms, many video conferencing users
have not implemented necessary security
precautions—or might be unaware of the
latent risks and vulnerabilities.
FOUR PRINCIPLES AND TIPS TO SECURE VIDEO
CONFERENCING
Risk: The initial settings for home Wi-Fi networks and many video
conferencing tools are not secure by default, which—if not
changed—can allow malicious actors to compromise sensitive
data while you work from home.
Mitigation: Change default passwords for your router and Wi-Fi
network. Check that you are using Wi-Fi encrypted with WPA2 or
WPA3. Verify your video conferencing security settings and use
encrypted video conferencing tools whenever possible.
Tips: Here are some simple actionable tips for connecting
securely at home.
✓ Change default password to strong, complex passwords
for your router and Wi-Fi network.
✓ Choose a generic name for your home Wi-Fi network to
help mask who the network belongs to, or its equipment
manufacturer.
✓ Ensure your home router is configured to use WPA2 or
WPA3 wireless encryption standard at the minimum, and
that legacy protocols such as WEP and WPA are
disabled. See CISA’s Tip on Home Network Security for
additional information.