With the growing necessity of remote meetings, make sure you are up to date on the safest online practices. Below are a few helpful tips on how to keep yourself secure. This blog is a companion piece to a recent video blog our New York City team produced, which you can watch here.
In an April 9th report, Microsoft reported a 200% increase in the use of its Teams platform, and a 1000% increase in video calls in March 2020 alone. With this explosive growth comes increased vulnerability. Therefore, you should set some time aside to research the various conference offerings, get to know your chosen tool, and consider the sensitivity of the information being shared.
First, the options: there are dozens of remote meeting applications available, but the most popular offerings might not provide the right fit for you and your team. There are providers that offer unique security solutions for calls – individual PINs for attendees, for instance – and you should get to know the options before choosing a tool. If you need a place to start, Computerworld has compiled a comprehensive list of available tools.
When hosting meetings, a key thing to keep in mind is how your application allows you to monitor and validate your attendees. There are a few simple steps you can take:
- Use an online dashboard while hosting and make sure your application requires login and verification.
- If available, use a waiting room or enable a chime when someone joins.
- Consider requiring video from your participants so that you can see and verify everyone.
- Once all expected attendees have joined, lock the room to prevent unauthorized access.
It may take a bit longer to get a meeting started with these measures, but the minor inconvenience is well worth the added security. Lastly, make sure you know how to quickly remove anyone who shouldn’t be in your meeting.
Next, ensure that the meeting link being circulated is secure before your participants open it. In general, try not to reuse access codes – including your personal meeting ID – and PINs, especially when hosting multiple meetings with different parties. Don’t use your personal ID if you need to create a meeting for large groups or post the details publicly. As the host, you should only enable screen and file sharing if necessary, and limit those capabilities to select participants.
You should be especially vigilant when you host a meeting where sensitive information is disclosed or discussed (Fig.1). Use the access code and PIN only once for these kinds of conversations, and consider additional measures like two-factor authentication, individual PINs, or caller ID verification. You should circulate details close to the time of the call to limit misuse or abuse. The earlier those details are provided, the more time there is for them to spread, whether inadvertently or intentionally.
Finally, don’t share sensitive information unless you are completely confident that the call is secure. Contemplate whether the information you’re sharing needs to be provided to all attendees, or if it would be best shared via direct phone calls or secure messaging. Consider the fallout if the call is being observed or recorded without your knowledge.
Fig1. Categorize your meetings based on sensitivity and implement appropriate security measures. (Image taken from National Cybersecurity Center of Excellence website; last accessed 20 May 2020; https://www.nist.gov/image/conference-call-security-graphic)
In fact, consider the question of “to record or not to record” beforehand. Recordings are generally saved in the cloud, and malicious actors have exploited and accessed cloud saving locations of some applications. If personal or sensitive information is being discussed and you have the auto recording feature enabled, you might want to turn that off before the meeting starts. If you do need to send the recorded meeting to an absent colleague or an inquisitive client, make sure you are careful with where you save or upload the recording. If you do use your chosen application’s cloud feature, make sure it is password protected.
The last thing to keep in mind is that if you are on a mobile device, do not use that mobile device to record your meeting. Depending on your device, you will most likely have less control of and visibility into where the recording is being saved/uploaded.
The key here is making sure that everything you can secure is secured. Stay safe and good luck with your meetings!
We hope you never need our services, but if you find yourself in the middle of an attack, Kivu is here to help.