Do’s and Don’ts for a Secure and Productive Video Teleconferencing Experience

  • avril 17, 2020
NTT DATA CISO Teleconferencing Blog

Video teleconferencing, like many other technologies, when used properly and in accordance with best practices can provide a productive environment with appropriate security and privacy. Popular video teleconferencing solutions – like Cisco Webex, Zoom and Microsoft Teams – require that end users take an active role in providing a secure, safe and productive meeting experience.

Contrary to what many news outlets are reporting, Zoom remains a secure platform. The reality is that Zoom and every teleconferencing solution can be configured and used in insecure ways. There is a shared responsibility model between the video teleconferencing vendor (to produce and maintain a secure product), the company (to control and configure appropriate settings), and the end users (to create secure meetings and attend meetings in a responsible manner).

The following “Do’s and Don’ts” is a list of best practices that NTT DATA has implemented in our environment and requires our employees to adhere to. We strongly urge ALL organizations and people using ANY video teleconferencing solutions to follow these recommendations.

DO

  • Enable the following settings when scheduling a meeting or using the instant meeting function:
    • Use a waiting room to ensure only known parties join
    • Use a unique password to ensure only authorized participants join
    • Use a randomly generated meeting ID to ensure people can’t join based on historic invitations
    • Use an audible tone when people join or leave
  • Monitor your attendee list throughout the meeting
  • Ask for permission to record the meeting, or at a minimum announce that you’re recording it. Wait 10 seconds to allow people to leave if they object.
  • Keep all video teleconferencing software patched and up to date
  • Watch your video teleconferencing identity for unknown usage or unexpected meetings
  • If you are not using Single Sign-On, change your video conferencing identity’s password on a regular basis using a strong, complex password
  • Lock your meeting once everyone has joined that you expect, if the video conferencing solution allows it (not all do)
  • Use screen share watermarks to help discourage screenshots, if the video conferencing solution allows it (not all do)

DON’T

  • Do not allow meetings to start before the host joins
  • Do not use a personal ID or other static meeting ID value. This could lead to unknown or unauthorized parties from joining a meeting based on re-using an old ID
  • Do not allow anonymous people to join
  • Do not allow co-hosts to present unless you know and trust them
  • Do not enable video by default
  • Do not reuse a password for your meetings
  • Do not reuse a password for your video conferencing identity
  • Don’t allow participants to record. Only the host should control the recordings.

During this massive shift to working remotely, everyone has a greater role in protecting ourselves than ever before. Remember that malicious actors know that people are more likely to make mistakes during a period fear and uncertainty. This pandemic is no exception. NTT DATA is committed to keeping our clients, employees and partners safe, and we’ll continue to share ways to stay prepared. Visit our COVID-19 Resource Center for more tips, tricks and best practices. 

Read all our blog posts related to COVID-19.

Subscribe to our blog

ribbon-logo-dark
Steve Williams

Steve Williams is the Enterprise CISO for NTT DATA Services. Steve is responsible for creating and maintaining an Information Security Program across NTT DATA Services, securing the services provided to our clients, and helping to harmonize the security strategy across NTT’s 900+ companies. He has more than 30 years of IT experience and before joining NTT DATA Services led global security teams at Dell, AMD and Pearson.

Related Blog Posts