Do’s and don’ts of remote collaboration security

When a piece of technology quickly grows in popularity, it’s a given that the number of threat actors taking advantage of new and untrained users will also grow. The world is seeing this now with video conferencing tools, especially the popular and free Zoom.

With multiple reports of calls being interrupted with pornographic, violent, or racial images and threatening language, the FBI has issued a warning for users of video conferencing platforms about the issue. Techniques to discover meeting IDs for Zoom meetings have been circulating for nearly a year, but have seen a large spike in usage.

The good news is that most video conferencing and remote collaboration tools include settings that can prevent these events from occurring. ITS has additional resources to learn about the best collaboration tools for your situation, including best-practice guides and live training.

Here are some tips to ensure a good experience.

  • Don’t use consumer-grade software or subscription plans. Consumer tools and subscriptions do not have the administrative tools needed to limit access. While no solution can guarantee security, enterprise-grade tools like Blackboard Collaborate or Microsoft Teams offer a more complete set of controls.
  • Do use waiting room features. These features place participants in a separate room before the meeting and allow the host to admit only the people who are supposed to be there.
  • Don’t share links to meetings or classes via social media. Invite the attendees via email or from the collaboration software.
  • Do use the latest software version. Security vulnerabilities are likely to be exploited more often in older versions. For example, Zoom recently updated its software to require password-protected meetings, and is rolling out more features in the coming months. Double-check that participants are using the latest version available.
  • Don’t use video on a call until you need to. Turning off your webcam and muting your microphone when you’re not speaking prevents social engineering efforts to learn more about you, and saves network bandwidth, improving the quality of the meeting.
  • Do eject participants if an intruder gets in or becomes unruly. Ejecting a participant prevents them from rejoining.

While scams and phishing related to working from home and COVID-19 are more prevalent than ever, collaboration and meetings are being hit especially hard. ITS will continue to simulate phishing and assign training to those most susceptible. If you believe you’ve been targeted by phishing, see Reporting a Phishing Message (How-to).

— Peter Lundstedt, ITS