Yealink has awarded by TÜV Rheinland, a leading international third-party inspection, testing and certification organization, and has officially received the GDPR certificate issued for IOT Cybersecurity to the Yealink Meeting.   

Xiamen, China – 01 July, 2020 – Yealink, a global brand specialized in video conferencing, voice communications and collaboration solutions, has obtained the GDPR certificate, an award issued by TÜV Rheinland  that illustrates the work and efforts made by the group in terms of security. Yealink offers high quality conferencing services that the business demand today while meets the strong security requirements of customers. With many high-level compliances, for example, California Consumer Privacy Act (CCPA), Yealink is capable of providing customers with highly secured audio-video conferencing services.

"Yealink, as the leading provider of enterprise communication is committed to the development of the smart grid. The company, which was one of the firsts to collaborate with TÜV Rheinland on certifications related to IoT cybersecurity, has demonstrated its respect for privacy and its commitment to Positive and rapid response to market changes." said TÜV Rheinland Greater China's Vice General Manager of electrical and electronic products and services, Chen Wenhua.

“Yealink has been devoting itself to providing reliable products and services to customers worldwide all the way, making communication easier and more efficient. Thanks TÜV Rheinland for its given support in interpretation of GDPR regulations, and response to them, so that we can gain the upper hand in market competition.” said Li Liu, Vice President of R&D at Yealink.

The containment caused by the Covid-19 pandemic has led to an explosion in the use of video conferencing applications and has created more security needs. Indeed, according to Fortune Business Insights, the global video conferencing market is expected to double in size by 2026 to $ 6.37 billion. Which is also required technical and security support for safe video conference environment. Many professionals use discussion and videoconferencing tools in the pandemic context.

However, it is important for enterprise to take care to respect safety standards to guarantee the durability of these tools because with the growth in the use of video conferencing solutions, there can be risks when good security practices are not followed. For all those who use or plan to use this new tool, it is essential to be aware of the potential risks.

What are the risks of unsecured video conferencing?

- Data leakage: cybercriminals could more easily have access to information due to the ease of transmission which is one of the biggest advantages of video conference. Nowadays, we are used to sharing via public platforms like social media and it is common to share links or meeting ID with colleagues in this way. Whereas, it's a risky practice because not all public platforms are well secured. And hackers can gain access to video conference simply by having the meeting ID.

- Unprotected/unsecured information transfer: when transferring documents, sharing links, etc., sensitive or confidential information could be susceptible to being seen or even stolen. Factors such as IP address, IOS identifier, time zone and language used, screen size, hard disk, etc., should be taken into account.

- Privacy risk: this raises privacy concerns. If you’re on a company call, legal or financial information or trade secrets could be stolen. For example, cybercriminals could use spyware to spy on you with your webcam if you do not turn it off when the meeting ends.

How to ensure the security of video conferencing?

- Check Meeting Links: when you receive a meeting invitation, verify that it's from a known, trusted sender. Also, check the meeting link before clicking, watching out for malicious links with “.exe,” for example. Instead of taking you to a conference, those links may contain viruses or install malware on your computer.

- When users register, they must create a strong password or use a videoconferencing system only with the private mode settings to prevent outsiders from joining a conference.

- A level of encryption must be set up: conferences can be locked and the host can create a waiting room to check who is trying to join the meeting.

- Disable file transfer features: threat actors looking to take advantage of the rising popularity of video conferencing apps will sometimes use meeting rooms or chat rooms to upload files that are unwittingly downloaded by participants. To minimize the chance of this happening, the meeting host should disable file transfer features and instead, use other methods such as email for sending files.

- Don't reuse the same meeting ID: while having the same meeting ID session after session makes it convenient for the host to share, this is equally convenient for meeting bombers -- aka squatters -- who, once they get ahold of an ID, arrive uninvited and spew nonsense. Never reuse the same meeting ID, especially for important business meetings.

- Privacy policies like GDPR must be clear and free of jargon: user personal data will only be located in the preferred area and will not be transferred. Only Customer themselves can choose to delete all personal data.

- Always update to the latest version: patches are there for a reason — either to add new features or to fix bugs and vulnerabilities, many of which can be leveraged by malicious elements looking for software flaws that they can exploit. Users should always update their app to the latest version to address vulnerabilities.

- Report Suspicious Activity: Remember to report any suspicious activity to your corporate Information Security and Information Technology teams.

- Do educate all employees who host meetings on the specific steps they should take in the software your company uses to ensure their conferences are secure.

As the issue of security has become essential for videoconferencing, Yealink pays particular attention to the security of its solutions Yealink Meeting and concentrates its efforts to guarantee the security of the exchanges so that users do not encounter any security problems.

Yealink Meeting puts a lot of importance on security building and maintaining, from the architecture and the data security, to meet the security requirement of customers. Yealink Meeting secures the online conference with lots of features, such as passwords, option to lock the conference, exclusive control of moderators, etc. Please find below some main characteristics which deserve to be highlighted.

HIGH SECURITY WITH YEALINK MEETING

• Yealink does not view, record, or store any audio, video, or presentation, except for the video conference data recorded by users on Yealink Meeting. With Yealink Meeting solution, the data will be permanently deleted 180 days after the end of your contract to prevent fraudulent use after the fact.

• Yealink Meeting offers secure and reliable global cloud architecture and ensures compliance with GDPR, and strictly follows its requirements on data security. The cloud-based services of Yealink Meeting are hosted within highly secure Amazon Web Services (AWS) data centers.

• All audio and video transmitted are encrypted with SRTP to protect the confidentiality of meeting information. It is possible to only share content within your organization. All meetings are encrypted with AES-256 & TLS. The connection between Yealink Meeting cloud-based client software and services is authenticated through HTTPS, and the registrations are secured via TLS, providing robust security protection.

• Yealink Meeting also features a conference lock function, which provides additional PIN-protected security assurance for all meeting participants and the chat function in the meeting room becomes invalid once the conference ends which helps to safeguard the information in business meetings reliably.