5 Ways to Increase Conference Call Security in the Era of COVID-19
COVID-19 rapidly changed everything. Many of us are now working remotely instead of heading into the office and we’re connecting with more than just work colleagues in new ways due to social distancing guidelines. Because of this shift from the office to the home office – or bedroom, kitchen or back porch – and the increase in professional and personal conference calls, our security paradigm also needs to shift.
With the increase in “bad actors” waiting to capitalize on the vulnerability of people during these times, this is when we need to be our most vigilant. And if the traditional email scams, cyberattacks and phishing campaigns weren’t enough, the FBI recently issued a warning on reports of “Zoom Bombings” that have been menacing users of this increasingly popular video conferencing platform.
Today your surroundings are no longer just your physical space, but also the virtual space you occupy personally and with work. More than ever, we must all be thinking about privacy, confidentiality and security. To help you keep safe while working remotely, we’ve included five best practices for more secure conference calls.
1. Where You Share
Intended audience only. Don’t share your meeting details outside of the required attendees. This may seem like a given, but this is a key to keeping unwanted guests away from your private meeting.
Don’t post meeting information in public locations. Unless your meeting is literally open to the public, there is no good reason to post the meeting information on a public platform, website, forum, or social media.
2. Meeting Settings
Unique Meeting ID. Use a unique meeting ID for every meeting instead of your personal meeting ID. If you reuse your meeting ID every time you schedule a meeting, you increase the risk of that information getting out into the open. In the case of Zoom, if you check the box for “Enable join before host,” then your personal meeting is always on and anyone from anywhere can join at any time.
Unique password for each meeting. Create a unique password for every meeting. This follows a generally considered best practice of avoiding password re-use. If you use the same password for every meeting and the meeting information slips into unintended hands, your security becomes compromised.
3. Maintain Control
Host sign-in. Keeping tight reins on an online meeting is important. Sometimes, this can be more about meeting protocol than security (muting the person walking in the wind storm), but you need to have at least one person signed-in to monitor the meeting controls for routine tasks like muting/unmuting participants and coordinating screen-sharing.
Boot-n-Mute. If a bad actor does obtain access to your meeting as a guest, you can at least mute and boot the unruly stranger. But if you don’t have anyone signed in as admin, you could be out of luck. Plan ahead to have someone manage the meeting so you can avoid awkward goof-ups and keep the meeting going according to plan.
4. What You See and Hear
Sharing your screen. Consider what is on your screen before you start sharing it! Do you have open chat windows or private emails on-screen that you wouldn’t want meeting participants to see? Minimize or close all open applications that aren’t relevant to your sharing session, so you don’t accidentally disclose private or confidential information.
Audio awareness. Remember, it’s not only what people can see that might reveal confidential or private information, but also what they can hear. It goes without saying when you’re in the office, but when you’re at home, you could expose personal or private family information that your loved ones would never want repeated outside the home.
5. What’s on Your Camera?
Background. Take stock of what’s in view on your camera before you start your meeting. Microsoft Teams allows a user to blur the background and Zoom allows you to add a fake “virtual” background, which can be a lot of fun! This gives you a chance to hide the mess or provide privacy for something that might compromise your personal security.
Consider the Risks
Virtual meeting security has garnered a lot of press lately. Security experts and business leaders are concerned about the related business risk due to the extreme rise in video call volume from the newly at-home workforce. These risks include:
- Disruption – A malicious attendee that stumbles into your meeting information could infiltrate and disrupt your meeting, as was a recent City Council conference meeting in Michigan. Meeting disruption = business disruption.
- Information Exposure – A silent but uninvited attendee could be lurking in your meeting to gather sensitive or confidential information that could later be leveraged in a spear-phishing campaign or other malicious attacks.
- Data Breach – Screens and files are often shared or exchanged during online meetings. Unsecured meetings could lead to direct data breaches, to which the cost and business impact could be astronomical.
Resources from the Experts (and something to make you laugh)
Information Security bloggers and thought leaders have posted about Zoom Bombing and other risks to consider in this new remote work environment. The tips above and the articles linked to below are great resources for you to consider and pass along to your colleagues, friends, and family.
- COVID-19 Means Being More Vigilant Online
- How is Coronavirus Impacting Cybersecurity and Business Technology
- Zoom Isn’t Malware
- Zoom’s 90-day Plan to Bolster Key Privacy and Security Initiatives
- Is Zoom’s Lack of End-to-End Encryption a Problem?
- Zoom adds new security and privacy measures to prevent Zoom Bombing
- Humor – A Video Conference Call in Real Life
You can read more of our Cyber and technology-related articles HERE.
Visit our COVID-19 Resource Center for more information and resources to help you and your business.
Chad R. Voller?>
CISSP, CISA, PMP, ITIL, MCP
About the Authors
Stay up-to-date with the latest news and information delivered to your inbox.