Report Incident
× Home Cybertech Africa 2023 2 DPO Rw-CSIRT Website About Rw-CSIRT Alerts Advisories About NCSA Documentation News & Events Topics Contact us Opportunities Privacy Policy

6 Best Practices for Safe Online Meetings

Video conferencing is a critical communication tool for most institutions and individuals, playing a vital role in keeping remote employees connected, and offering the ability to hold online events.
 
However, as a communication channel that is widely and consistently used, it has become a target for malicious actors who aim to intercept and record private communications and misuse sensitive data.
 
With so many of us making use of virtual meetings during the COVID-19 pandemic, individuals and teams must ensure they are aware of, and employing, security best practices to conduct secure online meetings.
 
Here are 6 best practices to help you manage video conferences securely.
 
1. Use unique meeting codes for every online event
 
While having the same meeting ID for consecutive meetings is convenient, it is equally convenient for malicious actors, who once they get a hold of an ID can enter the meeting uninvited.
  • Never reuse the same meeting ID, especially for critical meetings.
  • Ensure your video conferencing application sets up unique video IDs as default, or you know how to set up unique meeting codes yourself.
 
2. Set meeting passwords that are strong
 
While this may add some bother for participants, it adds an extra layer of needed protection, particularly for critical meetings. Ensure these passwords are at least 10 characters, include upper-case and lower-case letters, and include numbers and symbols.
 
3. Use a waiting room
 
A waiting room gives the host control over who enters the meeting. It doesn’t matter if they have the password, all attendees must be admitted by the host before joining. This adds another layer of protection from unapproved individuals attending.
 
4. Avoid posting meeting links on social media
 
Avoid posting links to your meetings on social media – even if they’re events open to the public. Once shared on social media you do not know who has access to the link, and this could lead to malicious actors entering the meeting. If you feel the link must be shared via social media, apply required registration so you can verify potential participants.
 
5. During public events, treat the chatroom with caution
 
For online events, ensure participants understand to approach the chat with caution, as malicious actors posing as regular attendees may use chat features to share dangerous links or attachments. If necessary, you may even be able to disable the chat feature until the end of the video conference or during a Q/A session, so that participants do not unknowingly click on a malicious file.
 
6. Don’t allow default screen sharing
 
In smaller work meetings with colleagues you are familiar with, default screen sharing is appropriate.
  • As a general rule, it is better to ensure screen sharing for participants isn’t set to “on” by default.
  • The host of the meeting should be able to control who and when screen sharing occurs in order to efficiently manage the meeting and ensure the meeting isn’t interrupted by uninvited content.
 
 

 

 

21 January 2022

© 2024 National Cyber Security Authority