Are you as safe as you could be in your virtual world?

cybersecurity virtual meetings May 01, 2020

Just a few months ago, as we said farewell to 2019, no-one had any idea we were in for such turmoil, both personal and professional. No-one foresaw the shift to WFM - working-from-home - that the Covid-19 pandemic would cause.

As infections increased exponentially, so did our adoption of web meeting apps, like Zoom, Webex, GoToMeeting and Google Hangouts Meet.

Suddenly we were using these apps for yoga lessons, worship sessions, school classes, virtual dinners with friends, and chats with the grandkids, as well as meetings with colleagues and clients.

There was an unprecedented increase in the number of people downloading and using videoconferencing apps. Zoom’s official download site saw traffic increase by 535%. The number of people taking part in some form of virtual meeting hit 200 million in March.

Microsoft Teams calculated that on March 12 people around the world were spending about 560 million minutes in virtual meetings using the app. By March 31 that number had shot up to 2.7 billion minutes.

But our rush to embrace virtual encounters comes with a price - our privacy and our security.

So today we want to look at a few ideas to help keep you secure in this new virtual world.

None of us wants to be a victim of a zoom-bombing, when uninvited attendees break into and disrupt your meeting. Zoom-bombing has become so prevalent that the FBI issued a news release to warn people of the threat, after receiving multiple complaints of video conference calls being interrupted by pornographic and/or hate images and threatening language.

According to Morgan Wright, chief security advisor at cybersecurity firm SentinelOne, the rapid expansion of virtual meetings highlights gaps in security and flaws in policies about protecting private and corporate privacy.

Many of us, whether single entrepreneurs or part of larger organizations, are having to navigate these issues ourselves. Big companies caught up in the lockdown have been struggling to come up with policies and safeguards.

“Videoconferencing systems often come with default settings which are open in nature and vulnerable to being compromised,” Mark Rodseth, technical director at digital transformation agency Somo, told the Guardian newspaper.  Default settings such as passwords are not being enabled. Although Zoom rectified this on 4 April and added a waiting-room feature so that you can only join a meeting when the host lets you in, it’s a setting that needs to be checked no matter what collaboration app you are using.

Here are some of the latest security tips from Zoom:

  • Use the Waiting Room 
    The Waiting Room is a virtual staging area that stops your guests from joining until you’re ready for them. Meeting hosts can customize Waiting Room settings for additional control, and you can personalize the message people see when they hit the Waiting Room so they know they’re in the right spot. This message is also a chance to post any rules/guidelines for your event.
  • Manage your participants
    Allow only signed-in users to join. This is useful if you want to control your guest list and invite only those you want at your event — other students at your school or colleagues, for example.
  • Lock the meeting
    When you lock a Zoom Meeting that’s already started, no new participants can join, even if they have the meeting ID and password (if you have required one). In the meeting, click Participants at the bottom of your Zoom window. In the Participants pop-up, click the button that says Lock Meeting.
  • Don’t give up control of your screen
    You do not want random people in your public event taking control of the screen and sharing unwanted content. You can restrict this in the host control bar, so that you’re the only one who can screen-share.
    You can also lock the Screen Share by default for all your meetings in your web settings.
  • Set up your own two-factor authentication
    You don’t have to share the actual meeting link. Generate a random Meeting ID when scheduling your event and require a password to join. Then you can share that Meeting ID on Twitter but only send the password to join via DM.
  • Remove unwanted or disruptive participants
    From that Participants menu, you can mouse over a participant’s name, and several options will appear, including Remove. 
  • Mute participants
    Hosts can mute/unmute individual participants or all of them at once. Hosts can block unwanted, distracting, or inappropriate noise from other participants. You can also enable Mute Upon Entry in your settings to keep the noise down in large meetings.
  • Turn off file transfer
    In-meeting file transfer allows people to share files through the in-meeting chat. Toggle this off to keep the chat from getting bombarded with unsolicited pics, GIFs, memes, and other content.

Here are a couple more tips from the Guardian article:

  • Ensure that you are using a different strong password for each application. The reuse of passwords enables attackers to access several accounts if just one gets compromised.
  • Use a password manager. Set different passwords for every app. Built-in password generator functions will ensure each password is a strong one.
  • Don't overlook the security implications of what’s on view behind you when you’re in a video meeting… all those sticky notes with names, numbers and login credentials stuck on a noticeboard or wall. Some apps offer a ‘blur my background’ feature, or allow you to select a virtual background.

Bottom line: all these convenient apps come with a downside. Just make sure you know the risks and how to ramp up the security settings on whatever app you use.