When the popularity of any technology increases quickly, the number of bad actors taking advantage of new and untrained users also grows. During the current pandemic, this has been happening with videoconferencing services and applications—for example, multiple reports surfaced recently of conferences being disrupted by intruders who inserted pornographic and/or hate images and threatening language into meetings.
While hijacked meetings are disruptive and disturbing for participants, a more insidious threat is intruders who lurk without revealing their presence—a nightmare for corporate security and individual privacy alike.
The good news is that many videoconferencing products include security settings that can prevent such incidents—but it’s up to the host to configure those settings, and attendees need to follow best practices as well. Here’s a list of videoconferencing security do’s and don'ts:
Do enable password protection.
Zoom, for example, now auto-generates a password in addition to a meeting room ID. Make sure your service uses both a meeting ID number and a string, and that it also has a separate password or PIN.
Do use waiting room features.
These put participants in a separate virtual room before the meeting and allow hosts to admit only those people they want to have attend.
Don’t record meetings unless it's absolutely necessary.
If you do record a meeting, make sure all participants know they are being recorded (the software should indicate this, but it’s good practice to tell them, too) and give the recording a unique name when you save it.
Don’t allow participants to screen share by default.
Your software should offer settings that allow hosts to manage screen sharing. Once a meeting has begun, the host can allow specific participants to share their screens when appropriate.
Do lock a meeting once all the participants have joined the call.
However, if a valid participant drops out temporarily, be sure to unlock the meeting to let them back in and then re-lock it after they return.
Do eject participants from meetings if an intruder is able to get in or becomes unruly.
This prevents them from rejoining. Do make sure that if you host work meetings, you know the specific steps you should take in the software your company uses to ensure your conferences are secure.
For Hosts and Participants
Don’t post links to conferences on social media.
Hosts should invite attendees from within the conferencing software—and invitees should not share the links.
Don’t use video unless you need to.
Turning off your webcam and listening in via audio prevents possible social engineering efforts to learn more about you through background objects. Audio only also saves network bandwidth on an internet connection, improving the overall audio and visual quality of the meeting.
Do use the latest version of the software.
Security vulnerabilities are likely to be exploited more often on older software versions. Double-check that you are using the most up-to-date version available.
Security Smart Newsletter