Protecting Privacy in Virtual Meetings
Video conferencing presents great benefits and great risks. Consider these precautions.
Video conferencing has been a powerful business tool for many years, but its impact over the past year has been profound. It became an absolutely essential tool for remaining operational in the face of strict travel limitations and social-distancing requirements. Most analysts expect that work will remain a hybrid of virtual and in-person experiences for the foreseeable future, largely because of the effectiveness of video conferencing.
While virtual meetings are a proven alternative to face-to-face meetings, organizations must use the technology with caution. Without proper precautions, video conferencing can introduce a range of privacy and security risks. Most video conferencing apps and services have built-in security features, but malicious actors often find their way around them. In some cases, trolls simply interrupt meetings with loud noises or offensive imagery. In more sinister cases, cybercriminals will covertly join meetings in order to steal sensitive information or network credentials.
Given the potential for malice, organizations and their employees must remain vigilant when using these tools. Here are a few suggestions for making virtual meetings as secure as possible:
Use end-to-end encryption (E2EE). This is the best way to protect sensitive information as it ensures the video can only be seen by the users involved in a meeting. It also keeps stored data, such as recorded conferences, encrypted at rest. Almost all video meeting apps and services offer some degree of encryption, but many don’t have true E2EE. In some cases, they offer “encryption-in-transit” in which videos are encrypted on the sender’s end, delivered to a server where they are decrypted and re-encrypted before being delivered to the recipient. That creates an opportunity for a malicious actor gain access at the server.
Limit reuse of access codes. Meeting organizers typically send email invitations including an access code or a meeting ID number that participants use to log in to a specific conference. If organizers use the same codes for multiple meetings with different parties, it can result in people joining meetings they weren’t meant to attend. That can either be a minor annoyance or a huge security breach, depending on the topics being discussed. Worse yet, it increases the risk of a malicious actor stealing or guessing a code and gaining access to confidential information.
Use a secure connection. Remote workers usually depend on their home Wi-Fi networks to establish video connections. They should change the default passwords for both the network and the wireless router and enable either WPA2 or WPA3 wireless encryption. Never use public Wi-Fi networks when connecting with the corporate network. Hackers often mimic the names of legitimate public networks or create rogue access points to hijack a session and steal credentials.
Be a virtual doorman. Some conferencing apps and services allow meeting organizers to create a virtual waiting room where intended participants gather before a meeting. This allows organizers to control who is actually permitted in the meeting. Some also allow organizations to lock meetings once everyone has arrived, preventing others from joining unannounced.
Check features and settings before meetings. Very often, video and audio are on by default when participants join a meeting. That can lead to awkward or embarrassing images or statements being unintentionally shared. Organizers should also disable features that would allows someone to record a meeting or copy screens without explicit permission.
Be wary of private chats. Many services allow private, one-to-one chat sessions between meeting participants. Use that feature carefully, however. In Zoom, for example, if the meeting host records the meeting locally, those private chat exchanges will also be recorded and saved to the minutes folder for others to see.
Use screen sharing carefully. Screen-sharing features allow participants to share a presentation or document that’s on their desktop screen. It’s a good idea to close open documents, browser windows or anything else on the desktop that others aren’t supposed to see. People have been fired for inadvertently sharing inappropriate or confidential content.
Assess the background. Check to see what background items will be visible to other participants during a meeting. Move any personal items or photographs that should be kept private. Some services allow users to download an image to use as their background.
Keep the software updated. Outdated or unpatched apps can create openings for hackers to exploit. It’s a good idea to either enable automatic updates or establish a routine to check for new versions and security patches on a regular basis.