Security Best Practices for Video-teleconferencing

There is an ongoing trend of businesses, schools, and government entities using video-teleconferencing platforms to conduct meetings in order to provide continuity for business and learning.  When these types of services are utilized with poor security practices, malicious actors target various teleconferencing solutions to exploit vulnerabilities (e.g. session hijacking, stealing sensitive data, etc.).

The following includes best security practices for using a video-teleconferencing solution:

• When sharing the invite link to your meeting attendees, always prefer using their @fredonia.edu emails over personal addresses. 
• Sharing the invite link through trusted means such as OnCourse and FredMail is crucial. Do not share meeting invitations in public forums found on social media or published on websites.
• Waiting Room is a feature available in various video conferencing services allowing the host to control when a participant can join the meeting. If the service you are using offers a waiting room feature, utilize it to vet who and when an attendee is allowed to join the meeting.
• Limit the number of attendees allowed in a meeting. This limit can be the number of students in your class or number of expected members you’re meeting with.
• Screen sharing is a feature allowing you to present your computer’s screen to everyone in the meeting. Manage this screen sharing through a host and/or disable everyone from being able to present. This prevents anyone in your session from sharing their screen/content to all the participants.
• Password protect meeting access whenever possible.
• Ensure users are using the current version of the software.

General Use Recommendations

• Turn off mic/video after the meeting: Online communication services such as Discord do not disconnect your microphone and/or video automatically when clicked on the close button and continue to run in the background. Make sure the microphone and video are turned off in the application after ending each meeting. 

• Test before you use: Always test the feature you will be using in your video session prior to the meeting. 

• Verify recording status: If you plan on recording your meeting, verify if the recording has started. 

• Mute participants upon entry (feature): Enabling this feature will mute participants upon joining the session and will prevent noisy backgrounds coming from their part.

• Share screen wisely: Make sure all unnecessary applications are closed before sharing your screen to everyone in the meeting.

• Never share sensitive information: Do not share personal or sensitive information in your meeting unless authorized to do so (e.g. Telepracticing).

• Remove participants from the meeting: As a host, you have the ability to remove any unwanted participant from your meeting.

Best Security Practices for Commonly Used Video-teleconferencing Services

• Google Hangouts Meet
• Zoom (Also read Fredonia's Zoom Security Settings KB)
• Cisco Webex
• Microsoft Teams

Please contact the ITS Service Center through email at ITS.ServiceCenter@fredonia.edu, or by phone at (716) 673-3407 if you need any assistance or to report a security incident.