If you’re one of the many knowledge workers who pivoted fast to working from home (WFH) last year, you probably never considered the wide range of dangers posed by video conferencing tools. Yet they are very real and very present each time you host or participate in a video conference. So real, that the FBI has even issued a warning about using Zoom. Take a few minutes and read below to learn how to safeguard your device, your organization and yourself as you enjoy the new WFH normal.
Step 1: Use only approved tools from trusted sources
You receive all kinds of requests to join conference calls with partner organizations, contract workers and other people from outside your organization. If someone sends you a link to a tool that your IT department has not approved, decline the invitation. Explain your reason to the person who sent the invitation as they’re likely unaware of the risks.
If you are uncertain about a tool’s status, check with your IT department. Now, if you’re in a jam and absolutely must join a video conference (regardless of the tool used), join only by your web browser. In other words, do not install the video conferencing software when prompted. Instead, click the “Join by this browser” button (as shown below).
Also, make sure the invitation is legitimate. If you are not expecting a meeting with the person who invites you, contact them in a separate email or phone call and ask them if they intended to invite you and why. It’s possible that they got hacked and that you are receiving an invitation that is bogus.
Step 2: Make your hosted meeting secure
This step is a big one, as you actually have more responsibility than most people assume when hosting a video conference. Do you adjust your security measures based on who will attend? What happens if a hacker crashes your call? How do you prevent a competitor or hacker from spying on your meeting?
First, to prevent a rogue attendee from ruining your meeting, avoid making your meetings public whenever possible. If you need to host a public meeting, give yourself the option to mute all attendees and give yourself control over selecting who can share their screen.
Speaking of controlling attendees, control who attends by providing a meeting link directly to the individuals you want to attend. Then, send a separate email to them that has the passwords. For even greater security, use randomly generated meeting codes (if your tool offers them) and never use the same code twice. As attendees join your meeting, monitor who has joined. Once everyone has joined, lock the event.
Next, know ahead of time how to terminate your meeting – the circumstance under which you would do so, who has the authority to terminate it and how that should happen.
Secure private meetings. For private meetings, require a meeting password and use features such as a waiting room to control the admittance of guests. For enhanced security, use randomly generated meeting codes and strong passwords and do not reuse them. Do not share a link to a teleconference on an unrestricted, publicly available social media post. If possible, disable allowing participants to join a meeting before the host and automatically mute participants upon entry.
Finally, prior to any meeting, know who is responsible for shutting down a problematic meeting and what specific steps they should take. You (and your organization) should know the answers to such questions as a matter of organizational policy.
Step 3: Safeguard your information
People often share information (intentionally or not) when they participate in video conferences, particularly when they are informal or regularly scheduled meetings. Always keep in mind, you should never share any data or information beyond what you need to achieve the meeting’s goals.
First, know from your organization’s legal team whether or not you are allowed to record calls. If you are recording, inform all attendees of that fact and explicitly remind them to not say anything that might compromise security or even their own personal matters. This happens far too often during the ‘small talk’ that happens at the beginning and end of meetings.
Before sharing your screen, close all windows or applications that may reveal sensitive data. Only make visible the content which must be shared. This also means you should hide the address bar when you display content from your organization’s intranet sites.
Step 4: Protect anything and everything personal
Video recording software can sometimes ‘pick up’ conversations that may be happening far away from your computer. Prior to joining any video conference, remind everyone in your household (or vicinity) that you are joining a recorded session that may capture any sensitive or personal discussions they are having. To avoid inadvertently revealing personal details based on items within your home, use blurring capabilities of the software or make sure you point your camera and maintain its position on a discreet background.
To avoid compromising the personal information of your colleagues, make sure your home security camera does not point toward your screen. Also consider using headphones to protect what they say, especially if you live with roommates.
Finally, protect your home network from intrusion. At a minimum, change your Wi-Fi default setting to custom information that will not be obvious to a potential hacker. Then, share this information only with people you trust. For details on selecting settings and establishing passwords, check out our Top 10 Tips for Secure Remote Work.
Conclusion: There’s more to video conference safety than most people assume
As you can see, there is quite a bit to consider before jumping onto your next video conference—especially if you are the meeting host. Try the suggestions above and share this blog with your colleagues to keep yourself and your organization safe.