In most organizations, the only meetings happening right now arevirtual meetings.
And quite frankly, if you're reading this article, you may be one of the few in your organization giving the security of these virtual meetings much thought.
That does not surpriseJeff Greene, Director of theNational Cybersecurity Center of Excellence (NCCoE), which is part of NIST.
"While many of us have become security-conscious in our online interactions, virtual meeting security is often an afterthought, at most. Who hasn't been finishing one call when attendees of the next call start joining—because the access code is the same?
In the moment it may be annoying, or even humorous, but imagine if you were discussing sensitive corporate (or personal) information. Unfortunately, if virtual meetings are not set up correctly, former coworkers, disgruntled employees, or hackers might be able to eavesdrop."
7 NIST best practices for secure virtual meetings
Thankfully, NIST has come up with some best practices for virtual meeting security, so let's take a look at them.
Note: there arelow, medium,andhigh riskconference calls based on the content. The higher the risk, the more of these steps you'll want to implement.
Limit reuse of access codes; if you've used the same code for a while, you've probably shared it with more people than you can imagine or recall.
If the topic is sensitive, use one-time PINs or meeting identifier codes, and consider multi-factor authentication (MFA).
Use a "green room" or "waiting room" and don't allow the meeting to begin until the host joins.
Enable notification when attendees join by playing a tone or announcing names. If this is not an option, make sure the meeting host asks new attendees to identify themselves.
If available, use a dashboard to monitor attendees—and identify all generic attendees.
Don't record the meeting unless it's necessary.
If it's a web meeting (with video):
Disable features you don't need (like chat or file sharing).
Before anyone shares their screen, remind them not to share other sensitive information during the meeting inadvertently.