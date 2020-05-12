Faced with cancellations of face-to-face meetings as a result of COVID-19, the computer security company reviews the security risks present when conducting videoconferences and how to overcome them.

The sudden increase in employees, students, teachers, and many other professionals working from home is driving huge demand for video conferencing, online collaboration tools, and chat systems.

On March 11, Kentik, a San Francisco-based network operator, reported a 200% increase in video traffic during business hours in North America and Asia, and this was before the quarantine went into effect. Mandatory in California and elsewhere. A few days ago, UK Prime Minister Boris Johnson shared a photo of himself chairing a cabinet meeting via the Zoom app, demonstrating social distancing even at the highest levels of government.

If a UK government meeting is authorized to take place online using a free video-conferencing tool, companies that have been forced to quickly adapt to employees working from home are likely to be able to do the same with some trust. However, from ESET they clarify that this does not alleviate the need to understand the security features of the tool and the need to control how a videoconference is carried out using the available tools.

ESET outlines some key considerations below:

· Work environment: Check the environment to make sure that the streaming video you share does not contain confidential information, making sure all sensitive material is out of reach of the camera.

· Access control: Most video conferencing platforms allow the ability to restrict access by Internet domain so that only users who have an email address belonging to your company can join the call. Alternatively, only allow invited attendees to add their email addresses to the invitation when scheduling the call.

Set a password for the meeting. This is generally an option offered when creating the meeting, which adds a randomly generated password that guests will need to enter to access it. A numeric password can be used to authenticate users who connect by phone. Keeping participants in a “waiting room” and approving each other’s connection gives the host maximum control over who is in the meeting. To handle this in larger meetings, you can promote other trusted attendees to an organizer or moderator role.

· Communications and file transfer: Some services encrypt chat by default, but not video unless specifically requested. If permitted by third-party endpoint client software, make sure it meets the requirements for end-to-end encryption. In case of file transfers, consider limiting the types of files that can be sent; for example, disallowing executable files (such as .exe files).

· Manage the level of commitment and the participants: The host, depending on the platform, may have the ability to request a notification when the user through whom the videoconference is taking place is not the main (active) window. If you are a teacher, this function can be extremely useful if you want to guarantee the attention of all your students. It is also allowed to monitor who joined the call, either by establishing a registration process to connect or by downloading a post-call participant list.

· Share screen: Limiting the ability to share the screen to the host eliminates the possibility of someone sharing content by mistake. Also, when sharing the screen, share only the necessary application, unlike the entire desktop. Apple’s iOS captures screenshots used when the task switches between applications. To protect yourself against this inadvertently, including capturing confidential information, check to see if the conference system can blur this image.

· Prevention: Take the time to review the configuration options offered by the video conferencing system you have or are planning to use. There are often many options, so finding the right settings for your environment is an important task that helps ensure that your company’s communications remain secure.

“It is also important to verify the privacy policy of the service you are using. The saying that “if it is free, you are probably the product” should be sufficient motivation to check whether the company is collecting, selling or sharing our data to finance the provision of its “free” service. As always, from ESET we recommend being vigilant before possible deception, keeping the systems updated and having a reliable security solution both on desktops and on mobile devices to enjoy technology safely ”, adds Camilo Gutiérrez, Head of the Research Laboratory of ESET Latin America.