With my NICyber hat on last week I helped run a webinar about the new challenges facing us all in this new normal that we now find ourselves. In this post, I will share some additional thoughts about some best practices for video and screensharing tools.
We’re all working and meeting remotely (or virtually as some people like to call it) and relying on technology which many are still becoming accustomed to. As an example, there has been an increase in downloads of zoom by 1000% as we all strive for a place to communicate and share effectively. It’s really important that with the rise of remote working we don’t suddenly start to accept the use of technology which might have issues, shadow IT can cause data breaches or compromises to take place when users adopt them without talking to their IT or security teams first.
Unfortunately, these environments aren’t without their issues and with many eyes come many vulnerabilities. In many cases we will be sharing highly sensitive material over video conference and screenshares and the chat functions associated with them.
There have been examples recently of issues on Zoom including:
- Zoom bombing – where meetings without passwords are joined by random attendees
- Technical compromises giving remote users the ability to hijack and control a webcam and potentially the ability to run applications as the remote user.
- Data being sent to Facebook each time the app was opened on an iOS device even if the user wasn’t a Facebook user.
Some of the above items have now been addressed by providers, for instance passwords are now enabled by default for all meetings in Zoom to prevent malicious users joining meetings. Even with that in mind, it is still important to consider carefully how we’re using technology to communicate effectively.
There are some tips below for helping you to run safe and secure remote/virtual meetings:
- Chat with your IT/Security people first, which tool do they recommend you use? It’s worth asking them, some may be happy with you using Zoom, others will ask you to use Teams or GoToMeeting so that they can provide support. Just because our working environments have changed, it doesn’t mean acceptance for all shadow IT products.
- Set a password for your meeting, many platforms now compel you to do this but not all.
- Be cautious before clicking on links in chat, especially if you see links starting with \\ or similar.
- Keep an eye on the participants in your meeting and ensure that you can remove users which don’t belong
- Like with all software, make sure you are running the latest version, they may not be perfect but at least it gives you a fighting chance.
- Be aware of whether the session is being recorded, you may need to consider data protection implications especially with sensitive data.
- Be cautious before sharing documents through the conferencing tool, always use company approved methods for sharing.
- With many platforms it is possible to lock a meeting when all participants have joined, it’s best to take advantage of this feature.
- Don’t share links to your sessions in public forums, send them by email or calendar request.
Some interesting reading on this topic can be found in the links below:
https://www.itnews.com.au/news/zoom-for-windows-leaks- network-credentials-runs-code-remotely-545883
This post contains a general summary of advice and is not a complete or definitive statement of the law. Specific advice should be obtained where appropriate.