• ISO9001 Quality Management
    Systems (QMS)
  • ISO14001 Environmental Management
    Systems (EMS)
  • ISO50001 Energy Management
    Systems (EnMS)
  • ISO45001 Health & Safety Management
    Systems (OHASMS)
  • ISO27001 Information security
    management systems (ISMS)

Who’s sitting in on your board meeting?

21 Dec 2020

When we have private conversations, we make sure that there is no one around to hear them. In fact, when there is a high level of confidentiality required, we make sure that we have taken all precautions to protect that sensitivity.

We have non-disclosure agreements (NDA’s), we only invite those that ‘need to know’, and we even have policies to highlight who has access to what information.

Addressing the elephant in the room

We give this much attention to detail with physical meetings, but what about when we are meeting online?

More and more important meetings are moving to online meeting applications like Zoom, Microsoft Teams, Slack and Hangouts.

We refer to these as High Tech, Low Security solutions (HTLS) – they were designed as team collaboration tools, not secure channels for conducting high level, strategic discussions, intellectual property or commercially sensitive material.

And let’s face it, the track record for data hacks on these applications isn’t great.

Dealing with unwanted guests

With the risk of ‘Zoom bombing’ (uninvited guests secretly joining your meetings) on the rise, we really need to consider the risk if these ‘guests’ are able to sit in and record high level board meetings without your knowledge or permission.

We can no longer rely on apps to manage our information security.

Even if the big tech giants do get their act together and fixed these known vulnerabilities, you and your teams could still be left wide open to malicious cyber-attacks and hacks. It only takes a disgruntle employee to share details with hackers on the dark web!

Making online meetings more secure

We know we can’t trust the providers to fix this growing issue. Their focus is on providing collaborations tools not on the high level of security you might need.

We would recommend using security plugins like Highside end-to-end encryption software that is designed to make online conferencing more secure. Simply add the plugin and you’re good to go. Read More.

Reducing your risks – Free webinar

Companies wishing to develop a strategy for information security, to mitigate the implications that a data breach may cause, should consider ISO27001.

It helps set a framework around for information security and managing risks. Simply put, it sets out to find where the risks are, and then systematically how to treat them through the implementation of security controls (or safeguards).

We are running a Free Webinar on Information Security Best Practices in January 2021 called ‘How to prevent Zoom, Microsoft Teams and Video conference hacks’. To book click here.

Checklist for shutting the door on hackers

Here are 6 points to help make your online meetings more secure.

  • Password Protection – Don’t let just anyone join your Zoom meetings. Set a unique password and make sure that nobody shares this to outsiders. Not having any password is like an open invitation for ‘Zoom bombing’ attacks.
  • Private Meeting ID Safety – Avoid sharing meeting IDs or links publicly. Send meeting IDs over private messages. Also, don’t use meeting IDs that reflect the nature of what your meeting is about. Let Zoom generate a random ID (with alphanumeric characters) so your meetings aren’t attractive to potential attackers.
  • Waiting Rooms – Screen participants prior to them joining a meeting. Zoom has this feature and it will prevent attackers being able to interact with others in an ongoing meeting.
  • Screen Sharing Restriction – The reason why ‘Zoom bombing’ exploded as it did is largely Zoom’s default setting of allowing all participants in a session to share their screens. That’s why it only makes sense to change this into “host only” so the host can control what appears on the screen.
  • File Transfer Disabling – It’s also advisable to disable the file transfer feature to prevent malicious participants from accessing sensitive documents. This feature can facilitate malware infection, which can lead to more serious problems than plain ‘Zoom bombing’.
  • Participant Management – Hosts have the ability to control camera output on the screen and mute participants. They can also regulate screen sharing from participants. They can kick participants out of a session, although they may join again with a different name. To address this flaw, it’s recommended disabling the “Allow Removed Participants to Rejoin” option.
© Copyright All Rights Reserved, NDC Certification Services Ltd. 2020.