Ten Steps for Safer and Secure Video Calls
Author: Alisha Dowell
As we deal with current restrictions and personal distancing rules, it becomes more important than ever for investment advisory firms to connect with their clients and figure out how to best offer services moving forward. One way advisors are doing this is through replacing in-person meetings with video calls. While this new method of connecting may help advisors maintain business continuity and provide services to clients, it may also come with some safety and security concerns. The following are some best practices for advisors to use when utilizing video call services:
1. Keep Up to Date
Any user-facing service can suffer from security vulnerabilities. One of the most important steps you can take is to keep any installed version of the video conferencing mobile or desktop app up to date. This ensures identified issues are fixed, therefore lowering your risk of a compromise in security.
2. You Get What You Pay For
There are several different account types available from each service provider, each with different privileges and powers. For example, a basic Zoom account may be free and allow you to have one-to-one meetings, but for meetings with more people there is a time limit. Zoom also offers a pro account, which gives the user administrative abilities, such as enabling and disabling recording, and extends meeting limits to 24 hours. Depending on your firm’s needs, you should ensure that the account type you’re utilizing for business services has the necessary privileges and protections in place.
3. Don’t Share Meeting Details in Public Access Areas
This is probably the most important tip for ensuring the security of your meeting. Most video meetings have a link that, if clicked, allows anyone to join. Sharing this link on a publicly accessible site makes it much more susceptible to hackers, who can then bomb the call or cause other problems in the meeting. The same concerns apply to sharing meeting IDs.
4. Use Random Meeting IDs
If your firm is using meeting IDs instead of links to host virtual events, make sure you use a randomly generated ID specific to that event, rather than your personal meeting ID. If you share your personal meeting ID, anyone who sees it can not only join that meeting but can crash your virtual meeting space at any time.
One way you may inadvertently share your meeting ID is by sharing a screenshot of your firm having a video call. The novelty of conducting business in this way inspires many people to show off their events and work meetings on social media. The problem is that when you post a screenshot of your video call, you may be sharing meeting information or client information with the public.
5. Set Passwords on Your Meetings
All virtual video meetings should have both an entry link or ID and a password. These security measures are only as effective as the users who enable them. Meeting passwords are useless if they are shared on public platforms alongside a meeting link or ID.
6. Authenticate Users
Another way to avoid putting up a public link or meeting ID is by instead using a registration system to authenticate users. You can use a registration system to register the details of those who want to attend a session, and then the registered attendees can be sent a private message with the link and password to join the meeting.
7. Set Up a Waiting Room
When scheduling a meeting, you have the ability to ‘enable waiting room’. This means that when participants join the meeting, they will be added to a virtual waiting room, where the host of the meeting can vet participants before allowing them to join the call.
8. Restrict Participant Powers
You can restrict the powers of your participants during meetings. For example, you can mute all attendees upon entry to ensure no disruptions occur. You can do this while scheduling the meeting or once you have entered the meeting. You can also ensure only the host has the ability to share his or her screen and you can restrict chat options.
9. Lock the Meeting
Another helpful security feature is locking a meeting once it has started, just like you would lock your front door once everyone is in for the night. Locking the meeting prevents any further participants from joining. This is especially ideal for private client meetings.
10. Avoid File Sharing
Use caution when utilizing the file-sharing feature of meetings, especially if it contains client information. Instead, share material using a trusted secure service. In addition, be sure to conduct the video call in a location that is free from other client information / personal identifiable information (PII) (i.e. a clean conference room, etc.) to minimize the risk of a privacy issue.
We are all navigating this new landscape together. If your firm needs assistance with addressing these issues, please contact Key Bridge Compliance, LLC at keybridgecompliance.com, or by sending us an email at firstname.lastname@example.org to discuss your questions further.