Security Advice For Using Video Conference Tools

Uploaded on 2020-04-20 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Cyber security experts are warning people that the video meeting programs we now rely on might not be as secure as some might think. “Zoom bombing” is becoming a trend where people who are not supposed to be able to access Zoom meetings are getting in anyway.  The experts say that people using the program should double check their privacy settings, and shouldn’t post the link to zoom meetings on public forums unless necessary. 

Telecommuting and home-based learning is the new normal and people around the world are using video meetings and its essential that you know how to use video conferencing tools safely. 

In Singapore more than half a million students will be on home-based learning and even more adults will use video meeting working from home.One day after the start of the home-based learning period on April 8 the Singapore Ministry of Education announced that it was suspending Zoom following one incident in which hackers hijacked some students’ Zoom stream and showed pornographic content.

Similar “Zoom bombing” incidents have been reported around the world. In the wake of this and other privacy and cyber security concerns. Zoom has improved some of its security features and meeting controls. So what should users take note of to prevent themselves from becoming victims of harassment, privacy loss and eavesdropping when using video conferencing tools ?

Five Top Tips

  • It is vital to use the latest version of the software so that the bugs of the past would have been removed or fixed.
  • Remember that companies such as Zoom collect personal data such as name, email address, phone number, job title and even employer, as well as the IP address and device being used. Furthermore, if users sign in using Facebook, information will be collected from the Facebook profile. To retain some privacy, avoid using Facebook to sign in. 
  • Do not share your meeting link on public forums or on social media as this makes it easier for unauthorised persons to gain access to your meeting.
  • Familiarise yourself with your platform’s features and settings so as to be secure and protect your virtual space. For instance, Zoom has a “Waiting Room” feature that enables the host to manage the people who join and leave the meeting. Using this feature will enhance your security when hosting a meeting.
  • Users should refrain from using one’s Personal Meeting ID (PMI) to host events for the public. One’s PMI is a personal virtual meeting space that should not be open to others, except for close and trusted colleagues or users.

While using their video cameras during a Zoom session, users who want to increase the privacy level and prevent others from seeing the details of their physical background or surroundings can activate the virtual background feature such as a scene from the beach. You can choose to switch off your camera, if the video feature is not required.  

As a host of meetings or conferences, you can take extra precautions. For example, you should retain control of the screen.
Before and during a meeting, you can restrict the ability to screen share, so as to prevent others from sharing undesirable content or snatching control of your screen.

  • Additional security measures include setting up a two-factor authentication. Users can then only get access if they have the randomly generated meeting ID and a password. This enhances the level of security and limited access.
  • Another approach is to only enable signed-in or pre-invited users to join in the meeting.
  • You can “lock the meeting”. This Zoom feature allows the host to prevent others from joining the meeting. In this way, those with the meeting ID and password also cannot enter this virtual meeting room, once it is “locked”.     
  • To increase security and control as a host, you can exercise the option to remove disruptive and undesirable participants from the meeting.
  • You can  put the participants on hold and temporarily disable their video and audio connections to reduce noise and prevent interference.  

Such features will be useful for educators when they are using video-conferencing tools with an excited or vocal group of students.

Besides Zoom, there are other video-conferencing options such as Skype, though it has a limit of a maximum of 50 users per session. Users might also consider using  more secure platforms for business, like Google Meet and Facetime. Microsoft Teams is another free and popular video-conferencing platform with file and screen sharing features, capable of hosting up to 250 participants in a meeting.

Microsoft Teams and Google Meet require users to have accounts with them, whereas Zoom allows users to participate using their web browsers.  

Another leading provider is Cisco Webex, which offers a secure video-conferencing platform that does not require participants to have a Webex account to join the online meetings. Its free version can host up to 100 participants, with a range of features including a white board function and no time limit for meetings.  

Ultimately, each video-conferencing option has its strengths and limitations and the onus is on users to examine the security features carefully and use them effectively. Companies offering video-conferencing tools should highlight to users their security features and make a number of these features the default standard mode of use.

Parents and teachers could also educate their young to be aware of the importance of cyber security and to apply security measures when they are online. Cyber security is an essential life skill to protect us from online dangers and viruses, as we work and learn at home, while we fight the Covid-19 pandemic.

Today Online:     Today Online:       ABC News:      Technical.ly Baltimore:

You Might Also Read:

Hackers Are Exploiting Remote Workers:

 

« Quantum Computing, Hackers & The Internet of Things
Addressing Cyber Threats With Positive Action »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

ISACA

ISACA

ISACA is a global professional association and learning organization for members who work in information security, governance, assurance, rissk and privacy.

Referentia

Referentia

Referentia leads the development of critical infrastructure solutions that benefit society, including cyber security and network performance management.

Wolfpack Information Risk

Wolfpack Information Risk

Wolfpack specialise in information and cyber threat management covering the full spectrum of prevention, detection, incident response and business resilience capabilities.

Adyta

Adyta

Adyta specializes in cybersecurity solutions adapted to the needs of sovereign institutions, business groups and other organizations that handle information and sensitive or classified data.

Duality Technologies

Duality Technologies

Duality Technologies combine Advanced Cryptography with Data Science to deliver High-Performance Privacy-Protecting Computing to Regulated Industries.

Omnipotech

Omnipotech

Omnipotech is a complete managed service provider. From desktop to datacenter, all the technology support you need, under one umbrella.

Techfusion

Techfusion

Techfusion is a cyber security research and consulting firm focusing on digital forensics and data recovery.

4Securitas

4Securitas

4Securitas is an innovative cyber security firm focused on protecting critical data at the core of every organisation.

Allentis

Allentis

Allentis provide adapted solutions to ensure the security and performance of your information system.

Ipstack

Ipstack

Ipstack offers one of the leading IP to geolocation APIs and global IP database services worldwide. Protect your site and web application by detecting proxies, crawlers or tor users at first glance.

KingsGuard Solutions

KingsGuard Solutions

KingsGuard Solutions is a San Diego Cybersecurity company that specializes in complex and innovative security solutions for companies throughout Southern California.

ThrottleNet

ThrottleNet

ThrottleNet provides world-class managed IT services and cybersecurity to organizations in St. Louis and throughout Missouri.

Ironblocks

Ironblocks

Ironblocks is a pioneering cybersecurity firm that specializes in delivering comprehensive, end-to-end security solutions for the rapidly evolving Web3 ecosystem.

Multidisciplinary Institute for Cybersecurity and Cyber Resilience (IMC2)

Multidisciplinary Institute for Cybersecurity and Cyber Resilience (IMC2)

IMC2 brings together resources to carry out ambitious, innovative and multidisciplinary projects in the field of cybersecurity and cyber resilience.

Techtron Business IT Services

Techtron Business IT Services

TECHTRON has been providing business IT services since 2004. Our focus is on SMBs and we are good at it. Our customers trust us, they love our high levels of service, and they love what we stand for.

Scalarr

Scalarr

Scalarr is an innovative, next-generation cyber security firm focused on automation and AI to detect and prevent threats in mobile and Edge/IoT infrastructures.