rocketclips - stock.adobe.com
With lockdowns and shelter-in-place advisories being mandated across the globe, anyone who can work from home is -- a new working reality that will be the state of affairs for weeks, if not months.
A crucial lifeline for many remote employees is the ever-faithful video conferencing tool. It plays a vital role in keeping employees connected and productive. However, as can be expected, anything being used consistently by many workers will also become an attack target of miscreants. Aside from external threats -- such as software security vulnerabilities that could result in remote code execution, remote controlling of webcams unbeknownst to the participant or denial-of-service attacks -- there are basic hygiene and video conferencing security best practices that will make this critical communication tool safer and more private for employees and their employers.
Here are some tips to help enterprises adapt to a video conferencing-enabled workforce and set them up for the long haul to host remote meetings in a secure and private manner. Note, these are general recommendations, not vendor-specific ones. Not every product will support these features, but if available, they should be implemented. This list can also serve as a way to qualify existing tools versus other options on the market.
1. Enforce meeting starting rights
Some tools have the option to start a meeting as soon as the first guest arrives -- much like a physical meeting, where attendees stream into a conference room before the host and start chatting. Organizations should disable this option if the meeting requires the host to control the official start of the meeting. This is also critical with meetings getting forwarded and unapproved individuals attending.
2. Don't reuse the same meeting ID
While having the same meeting ID session after session makes it convenient for the host to share, this is equally convenient for meeting bombers -- aka squatters -- who, once they get ahold of an ID, arrive uninvited and spew nonsense. Never reuse the same meeting ID, especially for important business meetings.
3. Add a meeting password
Beyond creating a unique meeting ID for each meeting, be sure to add a meeting password. While this adds some user friction, it also adds a layer of needed protection, particularly for critical meetings. In the face-to-face world, password authentication would be the equivalent of recognizing each other's faces in a physical conference room.
4. Lock the meeting once quorum is reached
Similar to physically locking a room after all the attendees have arrived, many tools can virtually lock the room after all virtual attendees have checked in. This prevents any unauthorized entrants.
5. Remind attendees if a meeting is being recorded
Most tools have a recording option. If a meeting is going to be recorded, for privacy reasons, make it a point to announce this at the beginning, halfway through -- for employees who may have joined late -- and at the end of the meeting.
6. Use a virtual background
With more than one remote employee sharing a house or workspace, having the ability to blur or replace the screen's background is a critical privacy feature. For example, Zoom has virtual backgrounds, and Microsoft Teams offers background blurring. These features prevent any accidental snafus and enable team members to stay focused even in the presence of distracting background activities.
7. Treat the chat room with caution
As users get more comfortable with video conferencing tools, additional communication capabilities the programs offer, such as chat rooms, will gain traction. Caution employees to never share confidential information or files in chat rooms. Also, be careful when clicking links in chat rooms. Video conferencing tools may not offer the same antimalware protection as an email client, for example.
8. Update, update everywhere
With many user devices -- laptops, phones and tablets -- at home, the ubiquitous conferencing tool is likely installed on more than one. And, with these tools in the crosshairs of attackers and white hat testers alike, the frequency of software updates for critical flaws is likely going to increase as well. Be diligent in updating these video conferencing apps more frequently on all devices.