How to keep your video conferences private.
If the pandemic has caused the proliferation of anything, it has exploded the world of video conferencing. When any technology becomes an overnight mainstay, however, hackers take advantage. “Zoom-bombing” has surfaced. Big time.
Reports of conferences being disrupted by pornographic and/or hate images and threatening language caused the FBI’s Boston office to issue a warning for users of video conferencing platforms, outlining Zoom’s password problems and how hackers were able to discover meeting IDs and passwords for Zoom meetings.
According to Computer World’s Keith Shaw, while many video conferencing products include security settings that can prevent such incidents, the bad news is that it’s often left to users with no security training to configure these settings. As part of its advisory, the FBI offers safety tips for companies, schools, and individuals using videoconferencing services.
Shaw advises not to use consumer-grade software or online plans for business meetings. “Consumer tools most likely don’t have all the administrative tools you need to lock things down,” he says. “While no video conferencing service can guarantee 100% protection from threats, you’ll get a more complete set of security tools with products geared for enterprise use. He also recommends not using “waiting room” features in conferencing software. “Such features put participants in a separate virtual room before the meeting and allow the host to admit only people who are supposed to be in the room.”
Password protection is, of course, vital, says Shaw. “Zoom now auto-generates a password in addition to a meeting room ID. Make sure that your service uses both a meeting ID number and a string, but in addition, that it also has a separate password or PIN. If the service lets you create a password for the meeting, use password creation best practices — use a random string of numbers, letters, and symbols; don’t create an easily guessable password like ‘123456.’” Another tip? Don’t share links to teleconferences or classrooms via social media posts. Instead, invite attendees from within the conferencing software — and tell them to not share the links. Same goes for screen-sharing by default. “Your software should offer settings that allow hosts to manage the screen sharing. Once a meeting has begun, the host can allow specific participants to share when appropriate.”
If it isn’t necessary to see everyone’s faces, Shaw advises turning off your webcam. “Listening in via audio prevents possible social engineering efforts to learn more about you through background objects. Audio-only also saves network bandwidth on an internet connection, improving the overall audio and visual quality of the meeting,” he says. And once all participants are in attendance, lock the meeting. Shaw says disclosure is always the best way to go. “If you record a meeting, make sure all participants know they are being recorded (the software should indicate this, but it’s good practice to tell them too) and give the recording a unique name when you save it.
Shaw points out that what’s different now compared to previous security threats is that a whole new set of technology users — students, teachers, family members and small organizations like karate, fitness, and dance studios — are utilizing videoconferencing to run classes, often without any IT or security support behind them.