In this age of government telework, virtual meetings and even the occasional happy hours, and staying indoors to slow the spread of the new coronavirus, dangers continue to lurk at home in digital meetups.
The problems aren’t exclusive to the United States. In Britain, Prime Minister Boris Johnson and his Cabinet met over Zoom last week, just days after the the Ministry of Defence banned its staffers from using the service, according to a report from Sky News.
But there are steps virtual meeting and happy hour attendees can take to ensure privacy. In a March 17 blog post, Jeff Greene, director of the National Cybersecurity Center of Excellence at the National Institute of Standards and Technology, warned that insecure meetings on virtual platforms could lead to private information being stolen.
“If virtual meetings are not set up correctly, former coworkers, disgruntled employees, or hackers might be able to eavesdrop,” Greene wrote in a blog post, titled “Preventing Eavesdropping and Protecting Privacy on Virtual Meetings.”
In his post, Greene said that businesses need to limit the reuse of access codes, warning that “if you’ve used the same code for a while, you’ve probably shared it with more people than you can imagine or recall.”
For sensitive meetings, he suggested using single-use identification codes, along with multifactor authentication.
Greene also wrote that the meeting shouldn’t be able to start until the host joins. The host should also use a dashboard to monitor attendees and have new attendees announce who they are upon joining.
For web meetings with video, Greene wrote that features like file sharing and chat need to be turned off, and participants should make sure they aren’t about to expose sensitive information before they share their screen.
“Using some basic precautions can help ensure that your meetings are an opportunity to collaborate and work effectively — and not the genesis of a data breach or other embarrassing and costly security or privacy incident,” Greene wrote.
Andrew Eversden covered all things defense technology for C4ISRNET. Beforehand, he reported on federal IT and cybersecurity for Federal Times and Fifth Domain, and worked as a congressional reporting fellow for the Texas Tribune. He was also a Washington intern for the Durango Herald. Andrew is a graduate of American University.