How secure are chat and webconf tools
0 likes123 views
The document discusses the security of chat and web conferencing tools, highlighting three main concerns: application security, data management, and user behavior. It provides practical advice for using these tools safely, including verifying the application, reviewing terms of service, and ensuring proper communication protocols are in place. The emphasis is on using end-to-end encryption and being cautious about sharing sensitive information during virtual meetings.
How secure are chat and webconf tools
- 1. How secure are Chat & Webconferencing Tools? Jan Guldentops (CEO Better Access, Lector at AP Hogeschool) Marc Vael (CISO ESKO, president of SAI) Tuesday 23rd of March 2021
- 2. Objective of today Show how secure chat tools & webconferencing tools really are
- 6. There is a hurd of elephants in the room !
- 7. The first elephant the application • Verify if you have the right & latest application! • Using applications from a third party, most providers control or have access to: • at least meta-data • most often also the data of the chats & the webconference itself • You do not allow such access? • Careful which provider you choose • Use end-to-end encrypted solutions but be aware of the performance impact • Set up your own chat/webconference platform and make it secure but be aware of the cost in manpower to support & maintain
- 9. The second elephant the data • Chat & Webconference applications are used for all sorts of communication, including sharing business sensitive or critical information • You want to be able to • Look up that communication again • Reproduce the chat / webconference for compliance reasons • Are you sure you can do this? • Did you read the SLA? • Do you have a backup / export?
- 12. The third elephant the people • Communication is done by people • People do stupid things and are much harder to train then elephants • Educate all people regularly on using chats & webconference tools in a professional manner • Explain guidelines / rules of conduct • Use common sense!
- 26. “you’re on mute” Most heard phrase worldwide in 2020
- 27. 3 modus operandi 1. One-to-one chat & videocall You talk to 1 person 2. #channel, #teams-based discussion 3. Multi-user chat & videocall Each choice has different security paradigms!
- 28. Every Zoom meeting is based on a 9-digit meeting ID
- 32. Webconferencing tools compared Zoom Teams Jitsi Signal Feature richness *** ** ** * Video quality *** ** ** * Watermarking *** Authentication *** *** *** * End-to-end encryption *** *** *** *** End-to-end crypto multi-user ***
- 34. Advice for using webconference tools 1. Consider first if the information you want to share is best communicated via webconference tool. Maybe the information is so sensitive that another tool is better (like phone call or face to face) 2. Review the Terms & Conditions and the Privacy Policy of the webconferencing provider. Some may share personal data with marketing companies. 3. If you are hosting a web conference with external users, always add a password, disable ‘join before host’, turn-off annotations and use the waiting room. Do not share meeting ID for public events.
- 37. Advice for using webconference tools 4. If you are hosting a web conference with internal users only, use your internal authentication for accessing the webconference tool. 5. Turn off any listening devices (like Google Home, Amazon Alexa, or smart phone apps) near you during your webconference. 6. Consider whether saving recordings is necessary. If you did not record conversations or meetings before, should you record a webconference just because you can? This could add additional unnecessary privacy risks.
- 38. Advice for using webconference tools 7. When organising a webconference, verify the identity of all participants at the start of the meeting and clearly define the ground rules and the agenda of the meeting 8. When attending an internal or external webconference, be aware that you can be recorded by other recording devices (like smartphone) capturing all voice, video, and text from the meeting. 9. Sign into external webconferences with your partial name or a nickname. Avoid personal data sharing.
- 39. Advice for using webconference tools 10. Disable your camera & your microphone, unless needed to participate. 11. Before switching on your camera or sharing your screen, ensure confidential information is not visible on your shared screen. Always use a professional background picture. 12. Consider who is nearby and what information could be overheard or seen.
- 40. Advice for using webconference tools 13. Always verify files which are shared via external webconferences as they could contain malware. 14.If your profession is governed by a licensing board or body, check with your governing body for possible webconferencing guidelines & recommendations. 15. If you have professional liability insurance, check that your (cyber)insurance also covers webconferencing.
- 41. Final tip
- 44. Zero-knowledge a method by which one party (the prover) can prove to another party (the verifier) that a given statement is true, without conveying any information apart from the fact that the statement is indeed true.
- 46. Contact details Mr. Marc Vael, CISM, CISSP, CRISC CISO President Esko SAI marc.vael@sai.be http://www.linkedin.com/in/marcvael @marcvael j@ba.be http://www.linkedin.com/in/janguldentops @JanGuldentops Mr. Jan Guldentops CEO Lector Security BA AP