Virtual Meeting Security Best Practices
Ensure the security of your virtual meetings by following best practices to mitigate threats like teleconference hijacking. Consider tools like Zoom, Skype, Webex, and others to host secure meetings. Avoid making meetings public, manage screen-sharing options, use waiting rooms, validate participant lists, limit presenters, and disable unnecessary features like file sharing. Stay vigilant to maintain data security and compliance with company policies.
Download Presentation
Please find below an Image/Link to download the presentation.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.
E N D
Presentation Transcript
Cybersecurity Tips and Tools Virtual Meeting Security Considerations
Texas Gateway https://www.texasgateway.org/ Cybersecurity Tips and Tools 2
How to secure your virtual meetings from uninvited guests HBR Staff/Tim Robberts/Getty Images 3
Virtual Meeting Security Considerations Every LEA should make the decision on what meeting tool to use based on their level of comfort with the security within the tool. Vulnerabilities and security exposures exist in software which is why it is critical to take proper precautions and protect your end-users ensuring you are following best practices so that your meetings remain secure. 4
Tools Available to Host Virtual Meetings Zoom Skype and Teams Webex GoToMeeting Adobe Connect Blackboard Collaborate Google Meet 5
How to Secure Virtual Meetings The following steps can be taken to mitigate teleconference hijacking threats: Do not make meetings or classrooms public. Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post. Provide the link directly to specific people. Manage screensharing options. https://www.fbi.gov/contact-us/field-offices/boston/news/press-releases/fbi-warns-of-teleconferencing- and-online-classroom-hijacking-during-covid-19-pandemic https://www.askit.ttu.edu/portal/app/portlets/results/viewsolution.jsp?guest=1&solutionid=2003211837 30407 6
How to Secure Virtual Meetingscontinued Use a waiting room to manage participants joining prior to the host or rejoining after leaving the meeting; validate the participant list against invited attendees. Limit who can join meetings as a presenter; enable only specific individuals to help co-host the meeting. Keep in mind, data security and compliance with applicable company policies must still be maintained. https://www.fbi.gov/contact-us/field-offices/boston/news/press-releases/fbi-warns-of-teleconferencing- and-online-classroom-hijacking-during-covid-19-pandemic https://www.askit.ttu.edu/portal/app/portlets/results/viewsolution.jsp?guest=1&solutionid=2003211837 30407 7
How to Secure Virtual Meetingscontinued Disable file sharing, if possible; If you must share files, note that the Microsoft cloud storage service is fully FERPA compliant. Mute participants who do not need to speak. Do not record the meeting unless it is necessary and be aware that others may be able to record the meeting. https://www.fbi.gov/contact-us/field-offices/boston/news/press-releases/fbi-warns-of-teleconferencing- and-online-classroom-hijacking-during-covid-19-pandemic https://www.askit.ttu.edu/portal/app/portlets/results/viewsolution.jsp?guest=1&solutionid=2003211837 30407 8
How to Secure Virtual Meetingscontinued Before sharing your screen, close unused windows to ensure you do not share sensitive or confidential information. Use a privacy shield or cover over your webcam when it is not in use. Ensure users are using the updated version of remote access/meeting applications. Lastly, ensure that your organization s telework policy or guide addresses requirements for physical and information security. https://www.fbi.gov/contact-us/field-offices/boston/news/press-releases/fbi-warns-of-teleconferencing- and-online-classroom-hijacking-during-covid-19-pandemic https://www.askit.ttu.edu/portal/app/portlets/results/viewsolution.jsp?guest=1&solutionid=2003211837 30407 9
Zoom Security Recommendations for Admins Zoom administrators should ask all users & their guests to enter their full name, as well as their ESC or District abbreviation, for any Zoom meeting they connect to. This helps make sure that no one is admitted from a Zoom waiting room that should not be. Zoom administrators can force all of their users to use passwords for scheduled & instant meetings. There are several password settings, and it is suggested you turn them all on & lock them. This can be found under Admin>Account Management>Account Settings. To hard set, make sure you click the padlock icon to lock the setting for all. 10
Zoom Security Recommendations for Admins-continued Zoom administrators can force all of their users to use a waiting room. This can be found under Admin>Account Management>Account Settings. To hard set make sure you click the padlock icon to lock the setting for all. Also recommend to your host they assign someone to moderate that meeting room, so that folks are not admitted that should not be. Zoom administrators should disable & lock Far End Camera Control , under Admin>Account Management>Account Settings>In Meeting (advanced). 11
Zoom Security Recommendations for Admins-continued Zoom administrators can disable Join before host for all, and lock that setting as well. Zoom administrators can lock screen sharing down to where just the host can share. 12
Teams and Skype Use the Chat Pinning tool to ensure you are chatting with the correct recipients. Understand that chat, channel, and files data are retained forever unless the system admin has actively modified retention policies. On recurring meetings, always check to ensure one-time attendees are not included in subsequent meetings or meeting chat threads. Do not list personal information, such as location, phone number, or date of birth on your Skype profile. https://pubext.dir.texas.gov/portal/internal/resources/DocumentLibrary/DIR%20Virtual%20Collaboration%20Tools%20Security%20Tips.pdf 15
Webex Schedule Unlisted meetings and hide specific details, such as its host, topic, and starting time. Do not allow attendees to Join Before Host. Set up each meeting to require all attendees to enter a password. Create a unique password comprised of upper, lower case, numbers, and special characters for each meeting. Exclude the meeting password from attendee email invitations. Provide the password to attendees via a separate email or by phone. https://pubext.dir.texas.gov/portal/internal/resources/DocumentLibrary/DIR%20Virtual%20Collaboration%20Tools%20Security%20Tips.pdf 16
GoToMeeting Use the Attendee List pane to view all meeting attendees, change their presenter rights, or revoke attendee privileges. When sharing content select Show Only to share the desired information from your computer. This selection will show an animated gray frame indicating what attendees will see if selected. Require attendees who join via telephone to enter their Audio PIN. This gives the organizer audio controls for each participant. If users did not enter their audio PIN, right-click the person's name and select Send Audio PIN . https://pubext.dir.texas.gov/portal/internal/resources/DocumentLibrary/DIR%20Virtual%20Collaboration%20Tools%20Security%20Tips.pdf 17
Security References for Additional Solutions Adobe Connect: https://helpx.adobe.com/adobe- connect/installconfigure/security-tips-resources.html Blackboard Collaborate: https://help.blackboard.com/Learn/Administrator/Hosting/Securi ty/Secure_Configuration_Checklist Google Meet: https://www.blog.google/outreach- initiatives/education/meet-for-edu/ 18
Resources for Securing Virtual Meetings Zoom for K-12 Schools & Districts Privacy Policy Best Practices for Securing Your Virtual Classroom FERPA and Virtual Learning During COVID-19 Open Meeting Resource from DIR K-12 REMOTE LEARNING CHECKLIST: SECURING DATA IN A REMOTE LEARNING ENVIRONMENT 19
Additional Resources Texas Education Agency (TEA) https://tea.texas.gov/texas-schools/safe-and-healthy-schools/coronavirus- covid-19-support-and-guidance Texas Department of Information Resources (DIR) https://dir.texas.gov/View-Resources/Pages/Content.aspx?id=69 Consortium of School Networking (COSN) https://www.cosn.org/sites/default/files/COVID- 19%20%26%20Cybersecurity%20-%20Member%20Exclusive.pdf 20
Questions regarding HB 3834 Texas DIR website: https://dir.texas.gov/View-About-DIR/Information- Security/Pages/Content.aspx?id=154#completion HB 3834 Questions: TXTrainingCert@dir.texas.gov 21
Questions? 22