Canadian government cyber experts offer tips for videoconference security

The spike in the number of people working from home has lead to a leap in videoconferencing so organizations can keep in touch with staff. However, some dark web sites are trading information on videoconferences that hackers or pranksters can listen in on.

That’s led the Canadian Centre for Cyber Security, the federal government’s cyber experts, to warn infosec pros to ensure these meetings are buttoned up to reduce the risk of data theft and reputational damage.

Here’s a summary of the recommendations:

  • First, don’t publish links to meetings in open forums. That’s how hackers learn about them
  • Make sure all meetings have a user password. If the system offers, use a “waiting room” where participants can be positively identified. (Separately, one non-government expert advises hosts to watch who joins a meeting in mid-session to verify the person is an authorized participant)
  • Use existing corporate solutions whenever possible. If you are picking a new solution choose a platform with appropriate security features. Factors to consider include the level of encryption, the ability to require passwords or other methods of authentication in order to join a videoconference
  • Someone in the organization has to set rules and expectations concerning the types of discussions that may take place on a given platform. (As an example, for Government of Canada users, classified material should never be shared on an unclassified network)

Related:

How IT leaders should prepare for COVID-19 challenges

 

  • Use the right tool for the job. Don’t be afraid to send sensitive documents via courier or secure email rather than sending them over a VTC shared files channel
  • Ensure that conference organizers are aware of the security features available on the platform and are used appropriately
  • Ensure all parties using the VTC software are aware of and comfortable with any data sharing done by the software owner in order to realize a profit (i.e. Selling data analytics for marketing purposes)
  • Choose a solution that allows you to control how your data is handled. Some platforms may route data outside Canada or store shared data on servers they control
  • Consider using a solution that does not require participants to install a client unless necessary. Not only does that aid simplicity, but there’s also no need for clients to be updated

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now