Camera-off culture might be putting your business at risk

Whether you’re hiding your bedhead, baby, or just your Resting Bored Face, we’ve all been guilty of keeping our cameras off in video conference calls .

But what if being camera-shy could actually put your business at risk?

A recent cybersecurity update from retailer, The Co-operative Group suggests that in today’s remote-first workplace, switching off your camera during calls might pose an unexpected threat. Not just to team engagement, but to your company’s security.

Co-op cyber attack forces new camera rules

So what happened at Co-op? As the company responds to an ongoing cyber attack, staff were last week instructed via an internal email to turn their cameras on during calls so that all attendees can be visually identified. 

Reportedly, this was to help prevent unexpected or uninvited guests from accessing calls, as they would be harder to identify during and after the meeting.

Staff are also being urged not to share sensitive information via Microsoft Teams chats and to report any suspicious messages or emails.

This follows a report last week that the company had to shut down part of its IT system in response to hackers attempting to gain access. 

Why people keep cameras off – and why it’s risky

For many, keeping the camera off during video conferencing has become not just accepted, but preferred. 

It’s an open secret among some teams that it allows for a bit of multitasking: letting your spray-tan develop, wearing a face mask, tackling some housework, or even calling in from bed when you’re feeling under the weather. Camera-off culture gives people the freedom to join meetings on their own terms. No judgment, no dress code.

However, it’s not without its risks. When camera-off meetings become the norm, cybercriminals can lurk undetected in your video calls. Without being able to visually check the meeting participants’ identities, an imposter may be present, and you’d be none the wiser. 

Hackers may gain access to your calls either by Zoom bombing or identity spoofing. Zoom bombing refers to unwanted visitors gate-crashing Zoom calls, while identity spoofing refers to somebody adopting a false identity online to access information or commit fraud. 

Since remote work relies on the potentially fragile nature of the internet, it has created new vulnerabilities for internal meetings that bosses need to be aware of. 

Should we all turn our cameras on now?

With hybrid work becoming the norm in many UK workplaces, cybersecurity is an increasingly important point to consider when remote calls are taking place.

In light of Co-op’s recent online security breach, businesses may want to rethink their approach to meeting etiquette, especially when sensitive topics are on the agenda.

Encouraging your team to keep their cameras on could help mitigate risks, alongside other simple measures like digital attendance verification and using unique meeting credentials. Could this be the beginning of the end for camera-optional culture?

Cyber attacks on the rise

Co-op isn’t the only major company to have been targeted by cyber threats recently. M&S has also been battling an ongoing cyber attack for weeks. It has had to stop accepting online orders amid the threat, plummeting its share price. 

While these are two high-profile cases, SMEs aren’t immune. A quarter of small businesses also experienced cyberattacks last year, as reported by the government’s 2025 Cyber Security Breaches Survey. 

With this in mind, businesses of all sizes should consider reviewing their approach to cybersecurity. Learning to love the camera may be a smart first step.