Video Conferencing Tips: Part I
#1 When deciding on a video conferencing service, first, examine the security features of existing corporate video conferencing service (if any) before procuring or switching to a new platform. This would allow easier integration with existing audit and monitoring capabilities, and staff would be more familiar with administering and using the service.
#2 Use a company-wide baseline to configure and set your default settings for the corporate video conferencing application, taking into account the usability and security factors. For example, allowing selected users to share their screens and contents, and prohibiting others.
#3 “Password-lock” all meetings. Share the password with participants via separate emails instead of including it within a calendar appointment, which might be viewable by everyone in your organisation.
#4 Configure all user accounts based on least privilege and need to know/do principles. For example, providing only certain user accounts with more privileges to configure the access logs, transcripts or recordings, instead of all users.
#5 Configure meeting settings to allow participants and guests to be admitted into meetings through invites only. Additional measures that could be put in place includes the use of a waiting area, where participants can only be admitted upon verification of their identity.
#6 When deploying video conferencing applications onto user devices, configure the app to disable prompts that asks participants joining the call to download the app on their device. By enabling such prompts, it will normalise running arbitrary apps from the internet, making your organisation more susceptible to phishing.
#7 When using external video conferencing technologies, reach out to the vendor to understand the best way to report suspicious activities. Also, remember to report all suspicious activities to your cyber-security team or department immediately.
#8 Organisers should “lock” the meeting as soon as all invitees have joined to prevent unknown participants from entering the meeting. There have been cases of video conferencing meetings being hijacked by unidentified individuals, causing disruption to the meetings.