April 13, 2020
Due to social distancing, organizations have moved to holding remote meetings. Using Zoom, WebEx, Facebook Live and YouTube Live are great ways to continue to communicate. As with any technology hackers have found a way to disrupt meeting displaying pornographic pictures and shouting racial slurs. To prevent attacks, Dewpoint recommends implementing the following security practices.
- If possible, add a password or pass code (with at least six digits) to all meetings so only invitees may join
- Take roll call for meetings (if small enough), ejecting any participants who are not recognized or do not respond to a roll call
- Disable chat functions by default
- Start by muting all participants, using features such as “raise your hand” before someone can speak or post a question
- Protect screen sharing and presenter functions so only the meeting owner can enable or use these functions
- Ask a moderator to work the meeting with you, watching for and stopping bad behavior as soon as it occurs
- Update the software you are using to the latest version to patch recently discovered security holes. This is extremely important if using Zoom, since hackers are targeting Zoom meetings for disruption.
- Consider switching to an “End-to-End Secure” remote meeting service such as Microsoft Teams.
If your organization can not switch to more secure platform, here are some specific recommendations based on the technology you may be currently using:
Help with Securely Using Zoom for Remote Meetings
- Use a unique meeting identifier, not your Personal Meeting Identifier (PMI), since you can become a target after a large public meeting since the hackers have your PMI
- Create a waiting room so participants cannot interact until the meeting starts; trolls will use the time before a meeting to start attacking other participants
- Limit screen sharing to only the host
- Lock your meetings until after they have started
- Turn off meeting recording except for the moderator
- If possible, restrict joining the meeting to a specific email domain such as @dewpoint.com.
Securing WebEx for Remote Meetings
- Keep meetings unlisted and by invitation only
- Require users to login, meaning they have to create a valid WebEx account first. We understand this may not be viable for public meetings.
- Do not allow participants to “join before host”
- Lock rooms within ten minutes of starting a meeting
- If meetings must remain unauthenticated, require manual admission to a meeting from the waiting room. For this to work in large meeting, assign a separate moderator.
Improving Facebook Live Meetings
- Consider making an invitation only group to host the video to limit and block participation to prevent hackers since public pages cannot be secured or limited.
- Once the meeting is complete, repost the video on your public website and organization’s Facebook page.
YouTube Live Broadcast Advice
- Disable live Chat unless it is needed, using a secondary question/comment screening mechanism
- Download and repost your video rather than just having a YouTube link.
- Watch your live analytics to gage participation
In addition to good security practices, a few simple steps (prior to using the technology) will improve the quality of your meeting:
- Make sure your connection is stable and has been speed tested to avoid lag, digital noise and making video unusable
- If possible, use a direct wired network connection instead of wireless
- Test your microphone and camera in advance to ensure sound and video quality
- Use a secondary service such as email or Twitter for users to submit questions or comments allowing for screening of large public meetings and to enforce meeting civility
Dewpoint can help you make sure your network and meetings are secure. For more information, just click on the link to submit your question or for assistance at https://www.dewpoint.com/contact/
