Introduction
In the wake of COVID-19 organizations are making extensive use of Zoom and other teleconferencing technologies. Like any technology, these platforms can provide productivity benefits but also security risks. Read more to see how to secure your organization’s video conferences.
Video Conferencing Risks
Zoom and other platforms often default to very “open” meetings for easy access by participants. Typically all you need to join is a meeting ID, which is usually a 9 digit number, which is sometimes made public and also can be guessed at random. There are reports of hackers, pranksters, hackers, pranksters, and other malicious actors joining Zoom meetings uninvited and causing trouble (typically by interrupting with audio, video, chat, or screen sharing). These malicious actors can cause interruption, offend users, and spread malware through malicious links.
Select One Platform, Consider Paid Accounts
We recommend that each organization select one platform to meet their needs, then purchase accounts for them rather than use free accounts. Organizations using G Suite should consider Google Hangouts Meet which is included in a G Suite Business account. Zoom is another very popular platform. Organizations who select one platform and have their users stick to it will have an easier time securing their meetings.
With the prevalence of free accounts, some employees may be using their own free personal accounts to host meetings. These free personal accounts are not centrally managed or secured. We recommend your organization consider purchasing a set of paid accounts which can be centrally managed, then requiring your employees to use the selected platform. Computer Courage is available to help purchase and configure accounts, and to provide policy or instruction for employees.
How to Secure Your Meetings
Once you’ve determined which platform and accounts you’ll use and set their default settings, any employees who will host meetings should be oriented to the various settings and options for security on you platform. Below are some recommended settings for your meetings (all of which apply to Zoom, so of which apply to other platforms):
- Only host meetings on managed accounts owned by the organization (not free personal accounts)
- Add a password to your meeting and provide it to guests via email
- Add a “waiting room” to your meeting allowing you to screen users before they enter
- For classrooms or webinars, enable the host mute feature, and only allow the host to unmute participants
- Learn how to kick out bad participants, and how to ban them permanently
- Disable any features you don’t need that can be abused such as file transfer, notation, file sharing, screen sharing, private chat, etc.
Getting Started
Many of these recommendations can be implemented by your organization or users after reading this post and other general recommendations. Computer Courage is available to help with this – we can help you select a platform, pick account types, set organization-wide settings, train users, and create documentation for policy or procedure. Contact us to learn more.