5 tips for securing your online meetings

Earlier this year, in the unexpected rush to enable everyone to work from home, these videoconferencing security vulnerabilities surfaced:

• The old hacking strategy of “war dialing,” using a randomizer to guess numbers in a sequence, can gain access to videoconferencing meetings that aren’t locked by a password
• The Boston-area FBI branch issued a warning to schools after a slew of online classes were videobombed, disrupting learning and sometimes exposing personal data
• Technology website The Verge had a videobomber disrupt a virtual happy hour with adult materials
• With a simple Google search, the Washington Post found thousands of recorded videoconferences on the open web, some of which exposed personal or professional information

While the consequences of some videoconference security breaches may be more embarrassing than harmful, the fact that remains videoconferencing requires just as much security planning as any other online aspect of work. The harm that can be done in virtual happy hours or with misfiled recordings is not nearly as damaging as it would be if someone gained access to a confidential company board meeting, product roadmap discussion, or accounting report.

That’s why it’s important to not only be aware of videoconferencing security, but for you and your colleagues to actively apply online meeting best practices.

Some ways you can reduce the chances of your videoconferences being hacked are technical, while others just require common sense and best practices. Here are 5 tips to help secure your online meetings:

• Classify meetings ahead of time: When scheduling meetings, each one should be assigned a risk level that matches certain security protocols. Not only does that allow you to get your technology configured, but it also tells attendees their role in keeping the meeting safe. A good rule of thumb is to ask, “Would you have this meeting in a coffee shop?” If not, tighten your security as much as possible.
• Use unique meeting IDs and passwords: Unique meeting IDs are your primary defense against war dialing. The harder it is to guess the credentials of a meeting, the harder it is for uninvited people to gain access. This is important if your videoconferencing application assigns everyone a permanent personal meeting ID that works like a phone number. Only give your personal meeting ID to colleagues you trust, and always lock those meetings to block intruders. You don’t want uninvited people popping into CEO meetings just because they have the personal meeting ID.

•  Conduct roll call before getting down to business: People often join meetings from devices other than their primary computer, so they may be identified only by a phone number or generic device ID like “iPhone XS on AT&T.” Know who those people are and whether they are supposed to be in the meeting. If you have attendees that aren’t on the guest list, you can remove them before talking about sensitive matters.
• Limit sharing: If the matter under discussion is sensitive, consider prohibiting people from inviting others without the host’s permission. If someone outside the original guest list is invited, make sure they understand the nature of the meeting and the security expectations. And whatever you do, don’t share the meeting ID or invitation link for a sensitive meeting on social media, private intranets, or other company platforms.
• Enable two-factor authentication: Gain more peace of mind that meeting participants are who they say they are by enabling the two-factor authentication feature of your meeting tool. While some users may not like the extra step, two-factor authentication and single sign-on providers (as well as the security features on most phones) have made the process as quick and easy as possible. And, the extra few seconds to enable that extra layer of security are worth it.

TeamViewer Meeting was built with security as the foundation. While intuitive and easy to use, TeamViewer Meeting protects your video calls with industry-grade security features.

• Meeting lock enables hosts to bar access to the meeting, blocking potential video bombers
• Unique meeting IDs and passwords add an extra layer of authentication
• Optional two-factor authentication verifies the identity of an attendee
• Video meetings are protected by 256-bit end-to-end session encryption, preventing third parties (including TeamViewer) from accessing the unreadable data in transit between devices (excludes meetings with phone dial-in participants)
• ISO9001 certified, GDPR and HIPAA compliant