Best Practices for Securing Your Web Conference and eLearning Sessions

by CoSo

February 4, 2021

It actually happened.

Hackers from the activist group Anonymous broke into a weekly conference call between the FBI and Scotland Yard and then posted the entire call on the Internet.

What was the call about? Hackers.

Rarely when people talk about information security these days do they include conferencing. But think about it. Tremendous amounts of sensitive information passes back and forth through these sessions.

This could include your organization’s confidential business strategies, product road maps, competitive positioning, merger and acquisition plans… anything. If you’re a government organization, what about the knowledge and coordination being communicated across various agencies and world governments? Military training courses? Power grid operation training? Anti-terrorist strategies?

Often such conferences and training sessions are archived for future calls. A hacker could potentially access that information by breaking into the employee’s email or cell phone through a simple phishing attack, but there are plenty of other vulnerable points of access.

In November of 2018, cybersecurity firm Tenable announced it found vulnerability within the Zoom web video conferencing platform that could have allowed a hacker to take control of the conference, impersonate attendees, kick attendees off meetings, and hijack user desktops. In 2020, we watched this vulnerability evolve into ”Zoom “bombs”.

It doesn’t necessarily take a software bug or great technical sophistication to break in. Anyone with the right login credentials can insert themselves into the flow of real-time communication. They can sift through presentation materials. They can access archived information. If you email out an invite to a WebEx or Teams conference, how do you know that email wasn’t compromised? What about people who write their passwords on a sticky note attached to their monitor? How do you know the slides you presented weren’t saved onto a laptop that was later lost? Screen shots?

You see, whether one is talking about data that’s deliberately hacked or data that’s inadvertently mishandled or lost, it’s really not that hard for your organization’s secrets to get into the wrong hands.

That’s why it’s important to:

• Only allow registered attendees that you invite into meetings

• Set new passwords for specific meetings instead of relying on the same password over and over again

• Instruct trainers to hand select who they let into rooms (instead of allowing automatic entry)

• Set rank-based permission levels—i.e. low level users only have access to Tier 3 content while high level execs get access to Tiers 1-3 (this could apply to both live and on-demand content)

• Implement Single Sign-On, which allows IT admins to quickly reset or revoke users with a single stroke across all company-owned properties

• Audit records

• Require that security access cards or badges that govern your workers’ physical movements to access their virtual ones (card readers can be installed at all trainee computer terminals)

• Hire CoSo Cloud as your managed service provider!

Information security best practices and strategies must include web conferencing, eLearning, and Virtual Classroom technologies. It amazes me how often these are overlooked.

Click here to learn more about how CoSo Cloud can help provide the highest levels of information and cyber security for these collaboration tools with our award-winning secure private cloud managed services.