As teleworking becomes the norm while we all practice proper physical distancing, it is important to continue to think of the possible cyber security implications. While the Cyber Centre has not assessed the security aspects of specific teleconferencing tools, such as Zoom or Slack, we have issued a cyber alert that includes product guidance for various popular options. There are also best practices you should keep in mind regardless of the platform.
Finding the right teleconferencing tool for your organization should start by ensuring you pick a trustworthy source or vendor. There’s a range of tactics threat actors may use to interfere in your teleconferences, from simply trying to disrupt it with unwanted images or videos to exploiting security vulnerabilities that could let them execute malicious activities that put your devices and information at risk. A few simple actions on your organization’s part can help mitigate those possible risks.
First, stress the importance of following basic cyber security hygiene to all your employees, such as updating applications as soon as prompted, being aware of proper password guidance and best practices, knowing the common signs of phishing scams, and not using unsecured or public Wi-Fi networks.
For teleconferencing applications:
- Check your meeting settings to ensure that the meeting is private or by invitation only
- Use a strong passphrase or password to secure your meeting against unwanted guests.
- Use a “green room” or “waiting room” and don’t allow the meeting to begin until the host joins.
- Ask all attendees to identify themselves or set their usernames to their actual names.
- Don’t publicly broadcast the meeting ID or link.
- Never share sensitive information.
- Turn off any features you don’t need for your meeting (e.g. chat or file sharing).
Cyber threat actors are also adapting to the new reality of distancing and will find ways to achieve their goals – whatever they may be. Including basic cyber security hygiene in your new work from-home routine should become second nature, both to protect your personal network and information, as well as that of your organization.