During these unprecedented times, companies are working to stay connected with their clients and employees. In my earlier post I walked through cybersecurity guidance for remote workers. Companies are turning to video conferencing to comply with social distancing to support ordinary business operations and comply with day-to-day activities. It’s an effective way to remain connected to team members and clients. Unfortunately, with this shift there has been concerns over privacy and security. Within a few weeks the way we communicate and interact has changed drastically and the cyber criminals are trying to find ways to monetize this shift.
- Video conferencing hijacking or “bombing” is occurring. It has prompted a response from the FBI.
- War Dialing is occurring to discover passwords and meetings
Some things to consider when setting up your video conference call:
- Upgrade from the consumer-grade software to those designed for enterprise use. They typically have more security settings.
- Require a password – this will help keep uninvited guests from joining your meeting. Use password best practices when selecting.
- Review the default security settings.
- Use a waiting room and admitting known participants.
- Verify meeting attendees.
- Confirm software is up-to-date with latest version.
- Confirm meeting links are from known and trusted sender – Be cautious of phishing attempts.
- Educate employees on hosting meeting.
Check out our blog cybersecurity guidance for remote workers. Please consult with your information security teams on the issues specific to your business.
If you have any questions about what policy should respond or if you have adequate cyber coverage, please contact me here to further discuss.
Cyber Strategic Leader
Sources: (fbi.gov, krebsonsecurity.com, computerworld.com)
This post was originally published in April 2020; updated May 2020.
Note: This communication is for informational purposes only. Although every reasonable effort is made to present current and accurate information, Oswald makes no guarantees of any kind and cannot be held liable for any outdated or incorrect information. View our communications policy.