NIST

Preventing Eavesdropping and Protecting Privacy on Virtual Meetings

March 17, 2020
By: Jeff Greene

https://www.nist.gov/blogs/cybersecurity-insights/preventing-eavesdropping-and-protecting-privacy-virtual-meetings

From the article:

Conference calls and web meetings—virtual meetings—are a constant of modern work. And while many of us have become security-conscious in our online interactions, virtual meeting security is often an afterthought, at most. Who hasn’t been finishing one call when attendees of the next call start joining – because the access code is the same? In the moment it may be annoying, or even humorous, but imagine if you were discussing sensitive corporate (or personal) information. Unfortunately, if virtual meetings are not set up correctly, former coworkers, disgruntled employees, or hackers might be able to eavesdrop or disrupt them. Using some basic precautions can help ensure that your meetings are an opportunity to collaborate and work effectively – and not the genesis of a data breach or other embarrassing and costly security or privacy incident.

So…where to start? Most virtual meeting services have built-in security features, and many providers will give you some basic security suggestions.

Regardless of your provider, here are a few simple options for holding a secure virtual meeting:

Follow your organization’s policies for virtual meeting security.
Limit reuse of access codes; if you’ve used the same code for a while, you’ve probably shared it with more people than you can imagine or recall.
If the topic is sensitive, use one-time PINs or meeting identifier codes, and consider multi-factor authentication.
Use a “green room” or “waiting room” and don’t allow the meeting to begin until the host joins.
Enable notification when attendees join by playing a tone or announcing names. If this is not an option, make sure the meeting host asks new attendees to identify themselves.
If available, use a dashboard to monitor attendees – and identify all generic attendees.
Don’t record the meeting unless it’s necessary.
If it’s a web meeting (with video):
Disable features you don’t need (like chat, file sharing, or screen sharing).
Consider using a PIN to prevent someone from crashing your meeting by guessing your URL or meeting ID.
Limit who can share their screen to avoid any unwanted or unexpected images. And before anyone shares their screen, remind them not to share sensitive information inadvertently.
This list is not all-encompassing, nor must you use every tool for every virtual meeting. Know your organization’s policies, think about the sensitivity of the topics to be discussed, factor in the logistics of the meeting, and pick the measures that make sense for each situation. Remember to trust your own judgment!

Screen Shot 2020-04-16 at 10.28.06 AM.png