A crucial lifeline for many hybrid and fully remote employees is the ever-faithful video conferencing tool. It plays a vital role in keeping employees connected and productive. However, as can be expected, anything being used consistently by many workers will also become an attack target of miscreants. Aside from external threats -- such as software security vulnerabilities that could result in remote code execution, remote controlling of webcams unbeknownst to the participant or denial-of-service attacks -- there are basic hygiene and video conferencing security best practices that will help keep this critical communication tool safe and more private for employees and their employers.
Here are 11 tips to help enterprises adapt to a video conferencing-enabled workforce and set them up for the long haul to host remote meetings in a secure and private manner. Note, these are general recommendations, not vendor-specific ones. Not every product will support these features, but if available, they should be implemented. This list can also serve as a way to qualify existing tools versus other options on the market.
1. Enforce meeting starting rights
Some video conferencing platforms have the option to start a meeting as soon as the first guest arrives -- much like a physical meeting, where attendees stream into a conference room before the host and start chatting. Organizations should disable this option if the meeting requires the host to control the official start of the meeting. This is also critical with meetings getting forwarded and unapproved individuals attending.
2. Enable the waiting room and verify attendees
Beyond enforcing meeting starting rights, using a waiting room option enables meeting coordinators to hold participants until they are granted access. This will further ensure any unwanted guests don't attend.
This article is part of
3. Don't reuse meeting IDs
While having the same meeting ID session after session makes it convenient for the host to share, this is equally convenient for meeting bombers -- aka squatters -- who, once they get ahold of an ID, arrive uninvited and spew nonsense. Never reuse the same meeting ID, especially for important business meetings.
4. Add a meeting password
Beyond creating a unique meeting ID for each meeting, be sure to add a meeting password. While this adds some user friction, it also adds a layer of needed protection, particularly for critical meetings. In the face-to-face world, password authentication would be the equivalent of recognizing each other's faces in a physical conference room. Ensure passwords are strong, and only provide passwords to authorized attendees.
5. Lock the meeting once quorum is reached
Similar to physically locking a room after all the attendees have arrived, many tools can virtually lock the room after all virtual attendees have checked in. This prevents any unauthorized entrants.
6. Remind attendees if a meeting is being recorded
Most tools have a recording option. If a meeting is going to be recorded, for privacy reasons, make it a point to announce this at the beginning, halfway through -- for employees who may have joined late -- and at the end of the meeting.
7. Use a virtual background
With more than one remote employee sharing a house or workspace, having the ability to blur or replace the screen's background is a critical privacy feature. For example, Zoom and Microsoft Teams have virtual backgrounds and offer background blurring. These features prevent any accidental snafus and enable team members to stay focused even in the presence of distracting background activities.
8. Treat the chatroom with caution
As users get more comfortable with video conferencing platforms, additional communication capabilities the programs offer, such as chatrooms, will gain traction. Caution employees to never share confidential information or files in chatrooms. Also, be cautious of potentially malicious links in chatrooms. Video conferencing tools may not offer the same antimalware protection as an email client, for example.
9. Keep software up to date
With many user devices -- laptops, phones and tablets -- at home, the ubiquitous conferencing tool is likely installed on more than one. And, with these tools in the crosshairs of attackers and ethical hackers alike, the frequency of software updates for critical flaws is likely going to increase as well. Be diligent in updating these video conferencing apps more frequently on all devices.
10. Use encryption
When evaluating video conferencing software, ensure it offers encryption capabilities -- end-to-end encryption, if possible. Once installed, enable the available encryption features on the tool.
11. Disable unneeded features
Mute participants on arrival -- or for the duration of the meeting -- if listen-only mode is sufficient. If video is not required, turn it off. Disabling the chat can also prevent leaked sensitive information and the sharing of malicious content.
To prevent potential Zoombombers from screen sharing unwanted content, ensure only the host can screen share. If additional people need to screen share, the host can grant them permission once the meeting has started. Users should also only screen share the necessary applications, not their entire desktop.