The US National Institute of Standards and Technology (NIST) today shared a number of measures that should be taken by remote workers to prevent eavesdropping and protect their privacy during virtual meetings while working from home during the current COVID-19 pandemic.
Jeff Greene, the director of the National Cybersecurity Center of Excellence (NCCoE) at the NIST said that "if virtual meetings are not set up correctly, former coworkers, disgruntled employees, or hackers might be able to eavesdrop."
"Using some basic precautions can help ensure that your meetings are an opportunity to collaborate and work effectively – and not the genesis of a data breach or other embarrassing and costly security or privacy incident."
Boost your online meetings' security
Greene suggests taking advantage of your conferencing software's built-in security features, as well as of suggestions provided by their developers to boost virtual meetings' security.
NCCoE's director recommends considering multi-factor authentication (MFA) whenever available and to make use of a dashboard to keep a close eye on your meeting's attendees.
Limiting the reuse of meeting access codes and enabling notifications on attendees joining in to be able to quickly identify those who shouldn't be attending.
The list of measures to be taken to prevent eavesdropping by unauthorized parties according to the NIST:
• Limit reuse of access codes; if you’ve used the same code for a while, you’ve probably shared it with more people than you can imagine or recall.
• If the topic is sensitive, use one-time PINs or meeting identifier codes, and consider multi-factor authentication.
• Use a “green room” or “waiting room” and don’t allow the meeting to begin until the host joins.
• Enable notification when attendees join by playing a tone or announcing names. If this is not an option, make sure the meeting host asks new attendees to identify themselves.
• If available, use a dashboard to monitor attendees – and identify all generic attendees.
• Don’t record the meeting unless it’s necessary.
• If it’s a web meeting (with video):
- Disable features you don’t need (like chat or file sharing).
- Before anyone shares their screen, remind them not to share other sensitive information during the meeting inadvertently.
When you know that sensitive information will be shared between the attendees of a specific virtual meeting, you can also take the following additional measures to further increase security:
• Issuing unique PINs or passwords for each attendee and instructing them not to share them.
• Using a dashboard feature so you can see who all the attendees are at any time.
• Locking the call once you have identified all the attendees and lines in use.
• Encrypting recordings, requiring a passphrase to decrypt them, and deleting recordings stored by the provider.
• Only conducting web meetings on organization-issued devices.
NIST provides a separate collection of telework security resources designed to assist remote workers including a guide to enterprise telework and BYOD security, an infographic on securing conference calls, guidance on mobile security, and security configurations and checklists.
CISA tips on securing enterprise VPNs
The DHS Cybersecurity and Infrastructure Security Agency (CISA) also shared tips on how to secure enterprise virtual private networks (VPNs) in response to the increasing number of employees working from home in response to the current COVID-19 pandemic.
CISA advised organizations to keep their VPN software, network devices, and user devices up to date, to alert their employees of any phishing attacks, as well as to make sure that their security teams are up to speed when it comes to security incident detection and response.
Also, CISA recommended implementing MFA on VPN connections or require users to use strong passwords as a defense measure against attacks.
Enterprises were also encouraged to test their VPN infrastructure in advance to assess its capability to support an increased number of users.
As part of its teleworking guidance, the DHS cybersecurity agency also suggested reviewing CISA documentation on how to secure network infrastructure devices, avoid social engineering and phishing attacks, as well as to choose, protect and supplement passwords.
To assist the wave of new remote workers, Software developers and service providers including Google, Microsoft, Adobe, Zoom, and LogMeIn, are also offering free licenses or enhanced versions of their software and services during Coronavirus-disease outbreak.
Comments
Engineer_AI - 4 years ago
Good Guy Tech Companies: The work from home phenomenon is being globally experienced, simultaneously. Although There are many tech companies who will help you in setting up your work force - there are as many who will try to sabotage it. Take malicious VPN providers, who engineer AI malware to latch onto your free software, and harvest your personal data from within. Be advised of the dangers, and be safe.
~Vibhor Tyagi (Techie at Engineer.AI)