The Bedel Security Blog

Considerations for Securing Online Meeting Software

Written by Stephanie Goetz | Mar 19, 2021

It’s safe to say that remote work is here stay. While we are on the verge of opening back up after COVID, people have loved the flexibility that remote work provides and perhaps there’s no going back. Also, COVID and the expansion of technology has further opened up business opportunities outside of a businesses’ immediate geographic area. With all of these developments, one of the must have tech tools is online meeting software.

Many tools have similar capabilities, so I’ll keep this pretty tool neutral. However, the most popular tools for business seem to be Zoom and Teams. Whether you are adding, expanding, changing, or just quickly implemented yours during lockdowns, here are five considerations for securing your online meeting software:  

  1. Who needs to use it? Are they all current users within your institution? A subset? Are they users outside your organization? In addition to licensing considerations, we want to restrict access only to those requiring access to your meetings. Allowing anonymous or unauthenticated users can increase the risk of uninvited visitors to your meeting– remember Zoom bombing? If you will have regular visitors outside your organization, you may consider adding a guest account or whitelist only external emails that are anticipated to attend your meetings. Also, implementing a waiting room so that the host can control who gets into the meeting is a good idea.

  2. Who will manage the structure of the meetings? There are a variety of ways to manage who can do what within the meetings. Some are organized so that the permissions are managed by the permission level, such as guest, manager, etc. Or it can be set that presenters will be able to manage permissions for each individual meeting. These permissions are the ability to screen share, mute participants, record, use the chat feature, etc.

  3. Will users send files? When we think about how in person meetings go, it typically involves a handout, slide deck, or if this is a sales meeting, perhaps we need the client to provide some information in a form, etc. In an effort to simulate this without a common backend platform, online meeting software can allow participants to send files. Please be careful when using non-public information in these files and turn off this capability if it is not planned to be used. Additionally, some offer data loss prevention controls so consider using those to ensure only appropriate information is shared.

  4. Will meetings need to be played back? Most commonly training sessions and meetings where key decisions are made include the use cases for recording meetings. While most software has an indicator that recording is underway, it is probably best to limit the recording capability to only those who need it to prevent unintentional recording. Also, it’s important to understand where the recordings will reside, who is allowed to access them or share them outside the institution.

  5. Where will content from meetings reside? Whether it is the file sharing, recording or chat transcripts, it’s important to understand where they will collect and how long they need to be retained and destroy them when no longer needed.

 

Though many of these considerations are new, the old principles still apply: use the least amount of privilege, functionality, and data required to achieve the desired outcome of your meetings and enable only as needed…for only those who need it.

This requires an understanding and planning upfront for how you expect to use it and how that interaction and/or workflow will run. While we all get excited and want to jump in, this upfront work will pay off in the end when your meetings are secure and bloopers don’t end up online.

Contact us at support@bedelsecurity.com if you need help securing or hardening your online meetings!