Using a web conferencing solution
When using a web conferencing solution, it is important that organisations practice the following activities.
Configure the web conferencing solution securely
Review the service provider’s documentation for the security features and recommended configurations related to their web conferencing solution. In doing so, note that default security settings in web conferencing solutions may need to be configured to meet organisational security needs. Furthermore, advise staff using the web conferencing solution on personal devices to ensure that they have applied all security patches for their devices and their devices are as secure as reasonably practicable.
Establish meetings securely
When hosting a meeting, consider how invitations, website links and access credentials will be distributed to participants. If permitting guests, send meeting details and access credentials separately via email or encrypted messaging apps. Do not share website links or access credentials on publicly-accessible websites or social media. Finally, remember to update any access credentials periodically, such as once a month, or after they have been provided to any guests. This will reduce the risk of guests joining other meetings they haven’t been invited to.
Be aware of unidentified participants
Only allow invited participants to join a meeting, and once all participants are present, consider locking the meeting so no one else can join. However, in some cases, it may not be possible to identify individual participants, such as when they join via a telephone call. In such cases, take note of sounds or visual notifications indicating that participants are joining the meeting, and ask any unknown participants to identify themselves. If unknown participants are unable to appropriately identify themselves, they should be disconnected by the meeting host.
Be aware of surroundings
Using a private location for meetings will help maintain confidentiality. If a private location isn’t possible, using headphones can ensure that when working in a shared location only approved meeting participants will hear the full discussions. In addition, muting the microphone when not actively speaking improves the meeting experience by eliminating unwanted background noises, such as keyboard typing sounds or audio feedback loops, and prevents accidentally broadcasting private or sensitive discussions that may be happening nearby.
Finally, with high definition webcams now the norm, participants may unwittingly broadcast private or sensitive details in their background. Where video is required for a meeting, try to position cameras so they only capture participants’ faces. Alternatively, consider using background blurring features if they are available, noting these may be specific to certain service providers.
Be mindful of conversations
Be aware of the potential private nature or sensitivity of workplace conversations, and limit discussions in meetings to those approved to be conducted using a web conferencing solution. It is also good practice to set expectations prior to a meeting, for example, whether the contents of the meeting will be recorded or made public. For Commonwealth entities, consider what sensitivity or classification has been authorised for discussions over any web conferencing solutions.
Only share what is required
If sharing screen content for a meeting, it is best practice to share an individual application instead of a device’s entire screen. Alternatively, a web conferencing solution may be able to select only a section of a device’s screen to share. However, if screen sharing is not required, either disable the functionality or limit its use to only the meeting host. For similar reasons, capabilities that record and automatically transcribe calls, subtitle videos or share files can create a risk of inadvertently sharing more content than intended.