Agencies like the National Institute for Standards and Technology have raced to develop updated guidance to agencies and the private sector for how to conduct their work safely in a remote environment.
A note posted last month by Jeff Greene, Director of the National Cybersecurity Center of Excellence warns users to immediately report "unusual web meeting requests" to their IT managers and get confirmation over the phone or other means before accepting.
Greene said his agency quickly flagged virtual meeting security as a top concern going into the lockdown. Whether using video teleconferencing or phone meetings, he advised groups to examine their default settings around recordings or cloud storage, login information and attendee access to ensure their choices are deliberate and use one-time identification numbers for high sensitivity discussions.
"With respect to approaching anything more than a routine call…we suggest that you think about the sensitivity of the information you're going to discuss, think about the privacy implications if it came out and group it in your mind…in a low, medium and high [risk] context," Greene said during a Mar. 23 webinar hosted by the Cybersecurity Coalition.
Such oversights are common, Greene said, even for those who deal with cybersecurity issues on a regular basis.
"I can't count the number of times in my last job that I reused the same call-in phone number and passcode, and it was easy because I memorized it and could type it in quickly, but from a security perspective it was not probably the best practice," he said.
Read more at: FCW