Security Practices to Prevent Hackers during Remote Meetings
April 13, 2020
Due to social distancing, organizations have moved to holding remote meetings. Using Zoom, WebEx, Facebook Live and YouTube Live are great ways to continue to communicate. As with any technology hackers have found a way to disrupt meeting displaying pornographic pictures and shouting racial slurs. To prevent attacks, Dewpoint recommends implementing the following security practices.
If possible, add a password or pass code (with at least six digits) to all meetings so only invitees may join
Take roll call for meetings (if small enough), ejecting any participants who are not recognized or do not respond to a roll call
Disable chat functions by default
Start by muting all participants, using features such as “raise your hand” before someone can speak or post a question
Protect screen sharing and presenter functions so only the meeting owner can enable or use these functions
Ask a moderator to work the meeting with you, watching for and stopping bad behavior as soon as it occurs
Update the software you are using to the latest version to patch recently discovered security holes. This is extremely important if using Zoom, since hackers are targeting Zoom meetings for disruption.
Consider switching to an “End-to-End Secure” remote meeting service such as Microsoft Teams.
If your organization can not switch to more secure platform, here are some specific recommendations based on the technology you may be currently using:
Help with Securely Using Zoom for Remote Meetings
Use a unique meeting identifier, not your Personal Meeting Identifier (PMI), since you can become a target after a large public meeting since the hackers have your PMI
Create a waiting room so participants cannot interact until the meeting starts; trolls will use the time before a meeting to start attacking other participants
Limit screen sharing to only the host
Lock your meetings until after they have started
Turn off meeting recording except for the moderator
If possible, restrict joining the meeting to a specific email domain such as @dewpoint.com.
Securing WebEx for Remote Meetings
Keep meetings unlisted and by invitation only
Require users to login, meaning they have to create a valid WebEx account first. We understand this may not be viable for public meetings.
Do not allow participants to “join before host”
Lock rooms within ten minutes of starting a meeting
If meetings must remain unauthenticated, require manual admission to a meeting from the waiting room. For this to work in large meeting, assign a separate moderator.
Improving Facebook Live Meetings
Consider making an invitation only group to host the video to limit and block participation to prevent hackers since public pages cannot be secured or limited.
Once the meeting is complete, repost the video on your public website and organization’s Facebook page.
YouTube Live Broadcast Advice
Disable live Chat unless it is needed, using a secondary question/comment screening mechanism
Download and repost your video rather than just having a YouTube link.
Watch your live analytics to gage participation
In addition to good security practices, a few simple steps (prior to using the technology) will improve the quality of your meeting:
Make sure your connection is stable and has been speed tested to avoid lag, digital noise and making video unusable
If possible, use a direct wired network connection instead of wireless
Test your microphone and camera in advance to ensure sound and video quality
Use a secondary service such as email or Twitter for users to submit questions or comments allowing for screening of large public meetings and to enforce meeting civility
Dewpoint can help you make sure your network and meetings are secure. For more information, just click on the link to submit your question or for assistance at https://www.dewpoint.com/contact/