How to Make Sure Your Online Meeting is Secure
Use these tips for safer video conferencing at work
With nearly half of the U.S. population still working from home because of COVID-19, the popularity of videoconferencing as a crucial tool for business has exploded. Web conferencing companies are reporting huge increases in people using the platform, with over 4 million people meeting in a single day on Webex, or up to 300 million meeting participants a day on Zoom.
When any technology sees such tremendous growth, bad actors trying to take advantage of the popularity soon follows. In the case of web meetings, new and untrained users are particularly vulnerable. Probably the most widely reported example of videoconferencing services being attacked is the hijacking of meetings on the popular platform Zoom.
Zoom Bombing is where a complete stranger can actually come into your meeting and wreak havoc. The FBI got involved after multiple reports of conferences being disrupted by pornographic or disturbing images and threatening language were received. Even more damaging for businesses is the threat that strangers could enter a meeting and lurk in the background, listening in on discussions that could contain confidential information. Password vulnerabilities were also discovered, forcing Zoom to scramble to increase security.
Once Zoom platform vulnerabilities started to surface, another nightmare was uncovered. According to the Washington Post, thousands of private recordings of Zoom meetings were discovered on the internet.
Videos viewed by The Washington Post included personally identifiable information of children and adults, deeply intimate conversations and nudity, health records and confidential business information such as financial statements.
Recordings were not hacked on the Zoom platform itself; it is what people did with the videos after recording, including uploading to an unsecure cloud storage account using Zoom’s default naming convention for recordings. I did my own internet check on this, and the user-caused security problem still persists.
Having secure online meetings
Since new internet threats appear regularly, no system is 100% secure. Video conferences can, however, be safely held. A combination of using a product with good security settings and training users on configuring these settings is the key.
Expanding on the FBI’s warnings regarding Zoom with input from security experts, here are some tips to help businesses create greater privacy and control for confidential meetings.
+ Security strategy
First, your company should choose a meeting platform with good security tools. Many of the most popular meeting and collaboration platforms have made enterprise level tools available for free during COVID-19. Meeting organizers should evaluate their meetings’ sensitivity and adjust security protocols accordingly.
+ Create unique meeting IDs
Many platforms give users a standard meeting room name, which may be fine for meetings that are not confidential, such as a quick one-on-one check in with a team member. Most business meetings, however, should have a unique meeting identifier to increase security. If a meeting organizer reuses a meeting ID or room name, anyone that was invited to a previous meeting can join all future meetings. The room name could be shared though less secure channels such as email or meeting announcements. Best practices include making each meeting ID unique.
+ Implement meeting passwords/PINs
For an extra layer of security, beyond a unique meeting ID, apply unique passwords or PINs so only invited participants can join calls. In security settings, make sure users are required to enter the password, making authenticated meetings standard.
+ Do a roll call
All employees should complete their profile on the meeting platform so that their name and picture appear when signing into a meeting. Sometimes videoconferences include participants from outside the company, however. Meeting hosts should make sure they can identify everyone on their sensitive calls, including those appearing with just a phone number, by doing a roll call at the start of the meeting. This is also a good way for participants to practice turning their microphone on and off.
+ Use waiting room features
A waiting room feature puts participants in a separate virtual room before the meeting, allowing the host to admit only people who are supposed to be in the room. It is also a good idea to disable the ability for participants to join a meeting before the host arrives, keeping people from accidentally discussing sensitive information before knowing who is on the call.
+ Limit screen sharing
Don’t allow participants to screen share by default. Your software should offer settings that allow hosts to manage the screen sharing. Once a meeting has begun, the host can allow specific participants to share when appropriate.
+ Apply notifications
Turn on notifications to keep track of who enters the meeting room at any given time, and make use of both visual and audible notifications so nothing goes unnoticed.
+ Limit alternate hosts and password sharing
Apply policies that prohibit employees from sharing meeting room passwords and allow alternate host permissions to avoid credentials falling into the wrong hands.
+ Lock the meeting
Once all the participants have joined the conference, you can lock the meeting to prevent uninvited people from joining. However, if a valid participant drops out, be sure to unlock the meeting to let them back in and then relock it after they return.
+ Don’t record meetings unless you need to
Live meetings you would have had in the office probably would not be recorded, and you may not need to record your video conference either, especially if someone is taking minutes. If you do record a meeting, make sure all participants know they are being recorded. Most importantly, give the recording a unique name when you save it.
+ Train all employees who host meetings
All meeting hosts and organizers should know the specific steps to take in the software your company uses to ensure their conferences are secure. Check through the software tutorials and decide in advance the security settings appropriate for your company.
+ Check for updates
As meeting software security issues crop up, patches are deployed or functions are disabled. Make sure you have the latest updates installed. Updates can generally be found by opening the application on a desktop computer, clicking on your profile and selecting “Check for updates.” Or, find out how to check for updates in the help files.
+ If your meeting is compromised
If you find any concerns during a meeting, the best thing to do is end the meeting immediately. Mute all participants and quickly state the meeting is ending because of a security violation, then shut down the meeting software. Note, this must be done by the meeting organizer. Make sure to immediately report the issue to the platform provider and your company’s legal and security teams.
In today’s world of meeting on the internet, nothing is 100 percent secure. By following these steps and using a bit of common sense, however, you can protect sensitive company information and personal privacy while video conferencing.