Securing Live Conference Calls

One of my favourite programmes was Spooks. Seemingly capable of logging into anything, it was always done speedily and without much thought. Hacking Zoom is the new reality - but it doesn’t involve hacking, it just involves knowing slightly more than someone else. Like the Cabinet Office releasing screenshots of a Zoom call clearly showing the meeting ID.

Cabinet meeting.jpg

I think that when we hastily set stuff up, we don't always think about the potential negative consequences. This is especially true of anything internet-related. If you have never live-streamed, there is a lot to think about. It's not like Spooks, or picking up a telephone.

Zoombombing

Schools Week reports that an online conference of headteachers was 'zoombombed' last week and that shocking pornography was unleashed on the viewing leaders. Similar “interruptions” have been happening all over the place.

Zoom is a market leader and like any market leader will attract more 'bad actors' than other products. In March, Zoom added 2.22 million users worldwide; in the whole of 2019, it grew by 2 million. In other words, more people joined over the last month than in the whole of 2019. I suspect many of those had never used a remote platform before.

With immediate effect, Zoom are forcing users to password protect their meeting room. This is an important first step. Other things to do to protect your Zoom space are:

  • Use a new meeting room each time (i.e. don't use the personal meeting ID)
  • Don't allow attendees to join before host
  • Mute attendees on joining
  • Turn screen sharing off
  • Set up a 'waiting room'
  • Lock your meeting room after you have started
  • Don't publicise your meeting's link on social media
  • Don't share the screenshot of everyone, especially when it show the meeting ID
  • Try to have someone whose job it is to 'manage the room' and focus just on doing that
  • Tell people what the Plan B is (i.e. if you do have to abort the meeting where will the meeting move to and how can people rejoin)

Additionally,

  • Avoid sharing personal information
  • Turn off your video and microphone, unless it's needed

Where to find out more about using Zoom and other online technologies

Steve Dotto from dottotech, a Canadian business, has some great videos about setting up and using Zoom.

In this video, Steve works with his wife, a teacher, to look at the main features of Zoom:

Do you already have tried and tested tech tools?

Many offices will already have conferencing tools that they can use, probably as part of office suites they already use.

Welcome to Microsoft Teams

https://support.office.com/en-gb/article/video-welcome-to-microsoft-teams-b98d533f-118e-4bae-bf44-3df2470c2b12

Learn about the new Hangouts Chat (GSuite)

There are lots of videos and articles on the web that can give you more information, above is just a very quick insight into Teams and Hangouts Chat. Obviously Houseparty is prevalent for dispersed and isolated school children and families and the issues are fairly identical to Zoom’s.

Take time to learn about new tech

I'm quite tech-savvy, but it has taken a while for me to get to know the online tech tools, so I can do more work online. It takes trial and error, and rehearsal to get it right. It's not Spooks!

Above all, remember just because it can be done, doesn't mean it should be.

The key points are, as with everything that we do on the internet, to make sure your password protocols are strong and that there is no multi-use of passwords. Having done that, don’t let “strangers” on to your accounts and similarly, don’t join ad hoc conversations.

 

Neil Sinclair.jpg

Neil Sinclair is the National Cyber Lead for the Police Digital Security Centre.  Neil was recognised in The Progress 1000: London's most influential people 2019 for his work in Technology & Cyber Security.

Neil has worked in UK counter-terrorism policing for over thirty years and has been involved in most of the Metropolitan Police’s biggest Terrorist Operations. He was a key member of the National Terrorist Financial Investigation Unit for 10 years and is an accredited Financial Investigator.

Neil was the Lead for Financial Intelligence at GCHQ, prior to joining the Police Digital Security Centre.