Cyber Bites

Video Conferencing Best Practices

Video Conferencing software is an excellent tool for virtual meetings while working remotely from home or traveling. To ensure that video conferences are as secure as possible, we’ve prepared best practice guidelines to protect private data.

As a reminder, we start with best practices to select and configure any software:

  • Select only best-of-breed paid software by the Firm for all users
  • Utilize central account management and security features
  • Information must be encrypted at rest and in transit
  • Should offer the possibility of applying global settings to all or to groups of users
  • Need logging features (change logs, access logs, etc.)
  • Always update to the latest version
  • Vendor third-party due diligence should be made

When Staff or Advisors must use Video Conferencing tools from a client or a third-party:

  • Communicate as if someone is listening, do not share non-public information, use code names, etc.

Selecting/Configuring a Video Conferencing tool:

  • Select a Video Conference tool, not a remote-control tool
  • Ability to choose between private and public meetings (Webinar)
    • When used for private meetings:
        • Users should not use the same personal link repeatedly
        • Unique conference link should be used for each session
        • Guest(s) should be authenticated to be allowed in the session
        • Waiting Room should be enabled (the host will have to allow each user to enter the session)
        • Screen sharing from trusted participants only
    • When hosting public meetings:
        • All participants must be muted until the host allows them to talk
        • Users can use the same personal link repeatedly
        • The host should not allow other participants to have the rights they have

If you are using a Video Conferencing system not provided by your Enterprise:

  • Disable messaging/chat
  • Disable recording
  • Disable file sharing or uploads

While Video Conferencing platforms inherently harbor risk based on their nature, adhering to best practice guidelines will better protect your virtual communications.