How Secure Is Your Video Meeting? This New Study Answers
Edited by Lizzy Schinkel, Tech Writer | Reviewed by Brian Gilbert, Network Administrator

Peer-reviewed research compares seven leading video-conferencing platforms, revealing wide gaps in encryption strength, breach history, and compliance

Video chat kept the world running during COVID-19, but it also opened millions of unguarded doors and exposed just how uneven video conferencing security can be. A new peer-reviewed paper in Current Trends in Computing compares the security and privacy posture of seven leaders - Zoom, Microsoft Teams, Google Meet, Skype, Cisco Webex, GoToMeeting, and TeamLink - and finds sharp differences that matter long after lockdowns have faded.

How the researchers took measure

Isa Avci and colleagues at Karabük University conducted a document-based analysis, mining official white-papers, CVE records, data breach reports, and regulatory filings. Instead of lab hacking, they scored each service across six domains: encryption, authentication, compliance, feature design, publicly documented incidents, and vendor audit practices. The side-by-side approach shows where marketing claims diverge from lived reality.

Video conferencing platforms don't all offer the same protections.

Encryption: a tale of two standards

The researchers concluded this: all seven tools encrypt traffic, yet strength and scope vary.

Cisco Webex and modern Zoom sessions now default to AES-256 with optional end-to-end encryption video calls (E2EE). Google Meet and Microsoft Teams secure data in transit but still decrypt streams on their servers.

GoToMeeting lags with AES-128 and no E2EE, while Skype’s PSTN hand-offs strip encryption entirely. TeamLink, built on WebRTC, keeps media encrypted but stores no user data, reducing post-call exposure.

Authentication and compliance split the field

Ultimately, enterprise-grade identity management sets Cisco Webex and Microsoft Teams apart. Enterprise-grade identity management helps Cisco stay ahead: a robust Cisco Webex compliance portfolio includes ISO 27001, SOC 2 and FedRAMP. Microsoft Teams matches that depth and includes Microsoft Teams MFA and granular support.

Zoom, on the other hand, provides flexible waiting rooms, 2FA, and HIPAA options. However, it still relies on administrators to lock settings down. Google Meet rides Google Cloud’s compliance stack, while Skype, TeamLink, and GoToMeeting lack formal third-party attestations, presenting an issue for healthcare and education users.

Breaches tell the hard truth

Numbers underscore the stakes. The Zoom breach in 2020 spilled 500 million credentials and led to an $85 million privacy settlement. GoTo’s 2023 incident, now catalogued as a major GoToMeeting vulnerability, exposed encrypted backups and some MFA settings across multiple products. Webex, Meet, and Teams have faced serious vulnerabilities but have been patched quickly; no large-scale credential dump has followed.

Choosing a safer platform

The authors urge organizations to map requirements first. Highly regulated sectors should favor Webex or Teams for their certification depth. Zoom is viable if E2EE is enabled and strict host controls are enforced.

Google Meet and TeamLink fit classrooms that value ease over fine-grained policy. This is because they aren't quite up to the security standards of other platforms. GoToMeeting and Skype suit casual calls, but remain risky for sensitive data until they adopt stronger crypto and mandatory MFA.

What users can do now

Even the most robust platform can be undermined by a single careless click, so security ultimately hinges on day-to-day habits. By tightening a few settings and adjusting how you share information, you can shut the door on most opportunistic attacks and create truly secure online meetings.

Treat meeting links as sensitive credentials: share them only through direct channels like email or team chat and never post them on public forums or social media. Always enable multi-factor authentication for your video-conferencing account so that a stolen password alone can’t unlock a session.

It's equally important to keep your desktop and mobile clients up to date, because vendors push critical patches to the newest builds first. Before each call, review the host controls and activate the waiting room or lobby feature, restrict screen-sharing to presenters, or disable file transfer if you don’t need it.

Finally, be mindful of the visual breadcrumbs you broadcast: blur or replace your background, clear any confidential papers from view, and think twice before taking or posting screenshots that expose meeting IDs, attendee lists, or faces. A few minutes of setup can turn an easy target into a much harder one.

Author

Written and Edited by Lizzy Schinkel & WhatIsMyIP.com® Editorial Contributors

Lizzy is a tech writer for WhatIsMyIP.com®, where she simplifies complex tech topics for readers of all levels. A Grove City College graduate with a bachelor’s degree in English, she’s been crafting clear and engaging content since 2020. When she’s not writing about IP addresses and online privacy, you’ll likely find her with a good book or exploring the latest tech trends.