Please note: This blog is current to the date of its publication, Tuesday, April 28. For additional updates or assistance navigating these uncertain times, please contact us or visit our SST COVID-19 resource page.
Earlier this month, The Washington Post published an article about the security risks associated with popular video conferencing software, highlighting that thousands of personal videos had been left visible on the open web, including telemedicine sessions, team orientations containing names and addresses, confidential company financial meetings, elementary school classes and more.
The Federal Bureau of Investigation (FBI) published the following tips for mitigating teleconference hijacking threats:
- Do not make meetings or classrooms public. Most video conferencing software offers two options to ensure that a meeting is private:
- Requirement of a meeting password or use the waiting room feature
- Controlled admittance of guests.
- Do not share a link to a teleconference or classroom on an unrestricted, publicly available social network. Provide the link directly to specific attendees via a secure platform.
- Manage screensharing options to limit hijacking. If possible, change screensharing settings to “Host Only.”
- Ensure users are using the most up-to-date version of the teleconference application.
- Lastly, ensure that your organization’s telework policy or handbook addresses specific requirements for information security.
Although most teleconference platforms are scrambling to address security risks, we cannot ignore the real threat: end-user behavior.
As cyber criminals become more and more sophisticated, exploitation of these helpful applications serves to further highlight the need for consistent, organization-wide cybersecurity training and technical use policies.
SST can help evaluate your current security risks and assist with necessary action plans and training. For more information, contact us today.
Special thanks to SST’s Operations Supervisor Ashley Henson for providing the content for this post.