The coronavirus/COVID-19 global pandemic has ushered in a "new normal." Working from home lead to video conferencing and Zoom Meetings. Pre-pandemic, Zoom meetings were for desk jockeys across corporate America. Now, corporate America is out of the office park and into the home, and Zoom has become ubiquitous as the go-to web app to set up everything from an action-item meeting to a virtual birthday party.
But with such convenience comes great security and privacy risks. Enter the "zoom-bomb." Like a stranger wandering into your office off the street, a zoom-bomber gets ahold of the Zoom link and gate-crashes the meeting. These uninvited trolls will often subject your attendees with distracting, even disturbing content.
So, what options do we have, if not Zoom? Going back to the telephone? Well, maybe. But videoconferencing is a helpful service to assist businesses and people in keeping a connection while social distancing. As such, videoconferencing is here to stay.
However, the Federal Trade Commission [1] has put out ten helpful security tips to ensure the "shields are up" while Zooming or participating in other types of video conferencing:
Block the Uninvited
Take steps to ensure only invited participants are able to join your meeting. People may call it "zoom bombing," but it's a consideration across all kinds of platforms: uninvited people showing up on video conferences. What can your company do to reduce the risk? Some services allow hosts to password-protect a meeting. Others limit access by providing unique ID numbers for each meeting or for each participant. These features may not be enabled by default, so look carefully at what settings are available. If you host recurring meetings, most services allow you to create new passwords or ID numbers for each meeting. That method is more secure than reusing old credentials, so establish that as the policy for your employees.
Check Your Tools
Take advantage of other tools to limit access to meetings. Conferencing services may give the host the option to lock the meeting once the expected participants have arrived, preventing others from joining. For the greatest level of control, hosts can enable settings allowing them to approve each participant trying to join in. You also may have the ability to remove individual users from the meeting should the need arise.
Beware of the Hot Mic
When you join a meeting, your video camera and microphone may be on by default. Be aware that participants may be able to see and hear you as soon as you join a meeting. If you don't want to share sound or video, most services allow you to mute yourself or turn off your camera. You may be able to adjust the default settings so your preferences are stored for the next meeting or – depending on the service – you may need to adjust your settings at the beginning of each call.
Are You Being Recorded?
Check to see if your video conference is being recorded. Many services allow the host to record the meeting for future reference. The service should display some indicator you're being recorded – for example, a bright red circle or the word "recording." But remember that a meeting may be recorded even if these indicators don't appear. We've heard reports of video conferences that have been shared online without participants' knowledge. The safest strategy is to assume you might be recorded and, if possible, avoid sharing private information via video conference.
Check Your Screen Before You Share Your Screen
Be careful before sharing your screen. Most services have functions to allow you to share with the group what's on your screen – for example, a slide show. But before sharing your screen, make sure you don't have open documents, browser windows, or other things on your screen you don't intend for others to see. Some services have options that allow the host to turn off screen sharing or to limit its use to the host.
Confirm Your Video Invite
Don't open unexpected video conference invitations or click on links. With the upsurge in video conferencing, malicious actors are sending emails mimicking meeting invitations or other communications from conferencing services. To add authenticity, they may copy the logo and look of familiar names in the business. But instead of taking you to a conference, those links may contain viruses or install malware on your computer. The safer practice is to tell your staff or your clients in advance that you have a teleconference planned for a certain time and they should expect an invitation with your name. If they get an invitation they didn't expect, tell them not to open it and definitely don't click on any links. Another tip to help foil video conference imposters: If the service you're using requires you to download an app or desktop application, make sure you download it directly from the service's website or a platform's app store.
Too Sensitive to Video Conference
If confidentiality is crucial, video conferencing may not be the best option. No conferencing service can guarantee the security of your information, so consider alternatives if you need to talk about particularly sensitive topics. Evaluate whether an enterprise service would provide greater security for your company and clients, rather than free services available to the general public. If you're conferencing remotely with a health care provider, ask about dedicated telehealth conferencing services that can include more safeguards to keep information private.
Read the Policy
Before using a conferencing service, review key provisions in the service's privacy policy to understand how your information will be handled. What information does the conferencing service collect about you? Does the privacy policy limit the company from using your information for purposes other than providing their conferencing service? Finally, does the conferencing service share your information with advertisers or other third parties?
Updates = Security
Update your video conferencing software. As security issues arise, many video conferencing companies are updating their software with patches and fixes. That's why it's important for your business to use the improved version. Of course, only accept updates directly from the service's website.
Video Conference Policy
Establish preferred video conferencing practices at your business. Your employees are doing their best to maintain productivity during a trying time. But a well-meaning staffer may inadvertently put sensitive data at risk by enabling video conferencing services that don't meet your company's privacy or security standards or that could be out-and-out malware. Share these ten tips with your team, establish company-wide video conferencing dos and don'ts, and emphasize the need to select the more secure options when hosting or joining video conferences.
RFL – Here to Help
As always, the professionals at Rosenberg Fortuna & Laitman, LLP are available to assist and answer any questions you may regarding these issues. Please do not hesitate to contact us.