Virtual meetings and video conferencing have suddenly become a big part of our daily life and work. However, malicious actors have taken advantage of that to hijack teleconferences in business and education. Follow these best practices to secure your virtual meetings and video conferences.

Zoom

It’s popular and easy to use. However, the FBI has warned about teleconference hijacking or “Zoom-bombing” based on reported incidents. Zoom admits that the overnight widespread adoption of its product has caused it to be used at an unanticipated level. As a result, they have been steadily releasing security enhancements. Mitigate the threat of hijacking and secure your virtual Zoom meetings by following these best practices:

  • Make sure you have the latest updates. For example, the 4/1 Zoom update turned off the attendee attention tracker that was causing serious privacy concerns. As of 4/7, a new security icon in Zoom allows the host or co-host of a meeting to enable or disable options during a meeting to secure the meeting and minimize disruption during the meeting.
  • Do not make meetings public: require a password or use the waiting room so you can control who is admitting.
  • Provide the meeting link directly to specific people.
  • Change screensharing to “Host Only”. Note, this can now be done using the new security icon that was released on 4/7/20.
  • Be mindful about recording meetings. We recommend only recording a meeting when there is a business need to do so.

Microsoft Teams

Invario uses Microsoft Teams for our virtual meetings. Teams is available free for companies with an Office 365 license. Always be sure to use the latest version. As of early April, Microsoft was in the process of rolling out new features to make Teams more “Zoom-like” by adding custom backgrounds and a “raise hand” capability.

Like Zoom, Teams has grown exponentially as more people are working from home. Also like Zoom, Microsoft offers privacy and security controls to allow you to manage who participates in your meetings and who has access to meeting information. We recommend following the same best practices noted above. You can also designate “presenters” and “attendees,” and control which meeting participants can present content and even remove participants during a meeting if necessary.

Microsoft claims that “advanced artificial intelligence (AI) monitors chats to help prevent negative behaviors like bullying and harassment” during meetings, but we haven’t personally tested that feature at Invario.

Google Hangouts/Hangouts Meet

In response to the coronavirus crisis, Google is giving free access to their advanced Hangouts Meet video-conferencing capabilities for all G Suite and G Suite for Education customers. Premium features are free through September 30, 2020.

According to the company, “Google Meet’s security controls are turned on by default, so that in most cases, organizations and users won’t have to do a thing to ensure the right protections are in place.” Google Meet is also rolling out security features specifically aimed at educators, such as the ability to assign meeting creation privileges to teachers and staff only.

Data Encryption

There has been some debate over “end-to-end” encryption when it comes to Zoom. The company admitted that what they claimed to be “end-to-end” might not meet the “commonly accepted definition of end-to-end encryption”.

Neither Google hangouts nor Microsoft Teams claim to have full end-to-end encryption. However, Google and Microsoft publish transparency reports that describe exactly how many government requests for user data they receive from which countries and how many of those they comply with. Zoom has not published a transparency report, so we don’t know what government requests (if any) they receive.

Feedback

If you have questions about this article, or if there is an IT topic you would like to know more about please email me your suggestions.

Referral$

If you know of a company that would be interested in the services of Invario, please email me the company name along with the phone number and email for the person we should contact.

That is all you have to do! Upon completion of the onboarding of a new customer, Invario will pay the equivalent of one month of Invario service to that customer. Recipients that cannot or do not wish to receive a referral payment may elect to have the referral fee donated to a charity of their choice or put into a company entertainment fund.

Dave Wilson

Referral$

If you know of a company that would be interested in the services of Invario, please email me the company name along with the phone number and email for the person we should contact.

That is all you have to do! Upon completion of the onboarding of a new customer, Invario will pay the equivalent of one month of Invario service to that customer. Recipients that cannot or do not wish to receive a referral payment may elect to have the referral fee donated to a charity of their choice or put into a company entertainment fund.

Dave Wilson