Category: Web Conferencing

Web Conferencing Security

In light of COVID-19, many businesses and individuals are now turning to web conferencing systems, like Zoom, Skype, Google Hangouts, GoToMeeting and Cisco WebEx to connect online.

Web conferencing systems are great for providing real-time chat, being able to see and hear other participants and in some cases, to share or transfer files.

As we increasingly use web conferencing to keep in touch from home, cybercriminals may look to take advantage – attempting to intercept sensitive conversations, or tricking people into downloading malware on their devices.

How to stay safe when using web conferencing technology

Whether you’re a business considering different web conferencing options, or an individual running a conference call, there are simple steps you can take to make sure you’re using the technology securely and reducing your exposure to cybercriminals.

For businesses

  • Check the protections used by the provider. For example, depending on what country they’re based in, the provider may be subject by law to covert data collection requests and access. You should also read the provider’s terms and conditions carefully, paying close attention to conditions like whether the service provider claims ownership of any recorded conversations and content.
  • Check that the provider offers multi-factor authentication for users to access the system.
  • Check what information is collected by the service provider and how it is used. Such information can include names, roles, organisations, email addresses, and usernames and passwords of registered users. This will help inform what the privacy, security and legal risks are with using a provider.
  • Review the provider’s security documentation, such as terms and conditions, against your organisation’s security needs. For instance, would accepting any of their security conditions breach your organisation’s liability rules, particularly around data handling and storage?

For individual users

  • Establish your meeting securely by sending invitations and logon details separately from the invitation through a secure method, like email or encrypted messaging apps. Do not share website links or logon details on publicly-accessible websites or social media.
  • Be mindful of the sensitivity or classification of your conversations.
  • Be aware of your surroundings and use a private room or headphones if possible. If around others, keep the microphone on mute unless speaking. This helps to ensure sensitive conversations aren’t accidently overheard.
  • Where video is required, try to position your camera so it is only capturing your face, so that again, it doesn’t broadcast private or sensitive details in your background.
  • Only allow invited participants to join the meeting – and be aware of any unidentified conference participants (ask people to identify themselves).
  • Only share individual applications when screen sharing, rather than your whole screen so you don’t share more content than is needed.
  • If you’re using a web conferencing solution on your personal device, make sure you have the latest software and security updates installed. This will help prevent cybercriminals using weaknesses in software to access your devices.

The Australian Cyber Security Centre has developed guidance, which we encourage you to follow and share with your colleagues, staff, customers and other contacts.