When the COVID-19 pandemic began shuttering physical offices and shifting the business of work to homes, the use of video conferencing technologies such as Zoom, Google Hangouts, and Microsoft Teams skyrocketed. Even as some workers have returned to brick-and-mortar facilities, a hybrid workforce model has emerged making reliance on these tools the best means to keep in-office and work-from-home employees connected.
With the ability to take advantage of employee engagement features – breakout groups, whiteboards, chat boxes, polling questions, and feedback icons – a well-organized virtual presence powered by these solutions results in productive outcomes. Originally intended as “niche” products, according to the Cybersecurity and Infrastructure Security Agency (CISA), videoconferencing has since become critical necessities for remote workers, simultaneously heightening security concerns not anticipated by their original design. Good or bad, businesses have become very dependent on this technology; yet, widely reported problems have underscored the need for broad re-education on the security of these products.
With the added efficiency and flexibility of video conferencing comes increased risk for cybersecurity breaches. Instances of “Zoom-bombing,” in which uninvited individuals hijack a video call and share unwanted – sometimes very offensive – content, began primarily in online classroom settings, but have now become common for public meetings of all kinds. For instance, a virtual meeting of community leaders from Lewiston, Maine was hijacked with racist and violent images, and a similar incident took place during a recent Acton-Boxborough, Massachusetts school board meeting.
The Global Work-from-Home Experience Survey estimated that 56% of the U.S. workforce currently holds a job that is at least partially compatible with remote work – and that rate is likely to increase significantly after the COVID-19 pandemic. The same survey results suggested that by the end of 2021, more than a quarter of all employees in the United States will be working from home multiple days per week. Yet, according to a survey conducted by IBM Security in June 2020, 53% of employees are using their personal laptops and computers for business operations while working from home and 61% say their employer hasn’t provided tools to secure these devices. Of those polled by IBM, 55% indicated they conduct one to five meetings via videoconferencing per week and another 20% said they conduct between six and 10.
With this in mind, it’s crucial for human resources professionals to work closely with IT to warn their employees about the vulnerability of their online meeting technology and communicate best practices for ensuring the safety and security of their virtual meetings.
5 steps you can take to keep your video calls safe and secure
Here are several steps users can take to protect themselves and their work environment, keeping their team meetings secure on various platforms.
1. Do not make meetings public.
With Zoom and other virtual meeting platforms, the default setting is public, meaning they can be accessed by malicious individuals from outside the organization. The FBI recommends that individuals using video conferencing technology should make their meetings private by providing direct links to invited individuals and not sharing those links on social media platforms. On Zoom, users can make their meetings private either by requiring a meeting passcode or admitting guests manually as they sign on.
2. Make sure you have the most up-to-date version of the software.
Video conferencing software that is outdated can be especially vulnerable to hacking. Include similar language within the meeting invitation, encouraging employees to ensure that all virtual meeting platforms are fully updated by utilizing all available patches and latest versions before meetings.
3. Connect through a secure and password-protected Wi-Fi network.
More than 90% of all data breaches begin with unauthorized access to company data. CISA warns users that default settings for home Wi-Fi networks are unsecure, meaning bad actors can access sensitive company data if those default settings are not changed. CISA recommends that users change their default passwords for routers, choosing a generic name for home Wi-Fi networks to make it more difficult to identify, and ensuring a home router is configured to use WPA2 or WPA3 wireless encryption.
4. Implement a strong company policy.
As the first line of defense, to secure the privacy of their data organizations should maintain adequate security controls to help protect their network infrastructure and endpoints from cyber criminals. Implementing policies that require appropriate staff training and guidelines for password strength and protection, two-factor authentication, and regular application patching is recommended. Organizations should also include guidelines and resources for reporting breaches.
5. Manage and closely monitor file and screen sharing.
Determine beforehand how and what information will be shared during the meeting. The CISA recommends disabling or limiting screen and file sharing in virtual meetings and encourages users to share individual applications rather than full screens. Individuals can also consider the sensitivity of any proprietary information screen shared or uploaded during a virtual meeting, with the knowledge that information distributed over unsecure channels may be compromised.
As businesses adapt their workforces during the COVID-19 crisis and migrate to remote working they will need to continue to be proactive as they battle a new set of distractions. Remote work will continue in prevalence after the pandemic wanes, making it imperative to put measures in place that ensure virtual face-to-face interactions and collaborations are secure – working toward the ultimate goal of a safer virtual workplace.