Web conferencing systems are great for providing real-time chat, being able to see and hear other participants and, in some cases, to share or transfer files.
As we increasingly use web conferencing to keep in touch from home, cybercriminals may look to take advantage – by attempting to intercept sensitive conversations, or tricking people into downloading malware onto their devices.
To help you select a web conferencing system and understand how to use it securely, the Australian Cyber Security Centre has developed guidance which we encourage you to follow and share with your colleagues, staff, customers and other contacts.
How to stay safe when using web conferencing technology
Whether you’re a business considering different web conferencing options, or an individual running a conference call, there are simple steps you can take to make sure you’re using the technology securely and reducing your exposure to cybercriminals.
- Check the protections used by the provider. For example, depending on what country they're based in, the provider may be subject by law to covert data collection requests and access. You should also read the provider's terms and conditions carefully, paying close attention to conditions like whether the service provider claims ownership of any recorded conversations and content.
- Check that the provider offers multi-factor authentication for users to access the system.
- Check what information is collected by the service provider and how it is used. Such information can include names, roles, organisations, email addresses, and usernames and passwords of registered users. This will help inform what the privacy, security and legal risks are with using a provider.
- Review the provider’s security documentation, such as terms and conditions, against your organisation’s security needs. For instance, would accepting any of their security conditions breach your organisation's liability rules, particularly around data handling and storage?
For individual users
- Establish your meeting securely by sending invitations and logon details separately from the invitation through a secure method, like email or encrypted messaging apps. Do not share website links or logon details on publicly-accessible websites or social media.
- Be mindful of the sensitivity or classification of your conversations.
- Be aware of your surroundings and use a private room or headphones if possible. If around others, keep the microphone on mute unless speaking. This helps to ensure sensitive conversations aren’t accidentally overheard.
- Where video is required, try to position your camera so it is only capturing your face, so that again, it doesn't broadcast private or sensitive details in your background.
- Only allow invited participants to join the meeting – and be aware of any unidentified conference participants (ask people to identify themselves).
- Only share individual applications when screen sharing, rather than your whole screen so you don’t share more content than is needed.
- If you’re using a web conferencing system on your personal device, make sure you have the latest software and security updates installed. This will help prevent cybercriminals using weaknesses in software to access your devices.
Read our advice to help businesses stay secure from cyber threats while managing a remote workforce.
To stay up-to-date on the latest online threats and how to respond, sign up to the ACSC Alert Service.
If you’ve suffered financial loss from cybercrime, report it to ReportCyber at cyber.gov.au/report.