In the mad rush to make workplaces remote, not to mention daily life, most of us fumbled our way through learning how to Zoom. Or, we quickly learned Google Meet or GoToMeeting. All of these platforms offer essentially the same service. But are they secure enough for bankers to discuss sensitive topics like home mortgages and wealth management with their customers? What about the board? The answer is yes, but as with a lot of tech, security is in the hands of the user, who carries a lot of responsibility, sometimes unknowingly.
Allow me to pick on Zoom. In the early crush to go remote, the platform was caught flat footed as significant security flaws made the connection fairly easy to compromise. Security was far below what a bank would call acceptable. A phenomenon that became known as “Zoom bombing” developed, where random people could join a session. To give Zoom a break, they had no way to know their user base was about to scale up beyond any scenario they could have imagined.
Zoom has worked overtime to spackle over its security flaws and by most accounts has done so. Its new encryption scheme has drawn some skepticism, but it is largely praised for the changes it made. With better security now in the back end, it’s important to recognize that many remote meeting security issues, including Zoom’s, resulted from users mismanaging a session — namely the host.
If a host can’t control a problem, the bank can. Concepts that apply to, say, email security apply here as well. The host of a remote meeting has to take control and take some care in the set-up and execution of a meeting and not open the meeting up to outsiders.
Here are other simple things to do to make remote meetings much more secure, as taken from a survey of fintech blogs and tech security blogs. It’s never too early or late to establish rules and make sure bank employees continue to follow them.
Do not share your meeting links on social media. While this likely applies more to group meetings, including those of the board and shareholders, it’s to be avoided altogether. People who receive a meeting link should also be instructed to never share it on social media.
In the case of a Zoom bombing, trolls would search Facebook and Twitter for meeting links and show up to cause trouble, not commit crimes, per se. Still, keeping the link in only the hands of the people who need it is an organic solution to a digital problem.
Protect your remote meeting with a password. Duh. But reports of misuse or compromised meetings tend to have this in common. The business versions, if not the free ones, of the major remote communications platforms all offer this level of protection. The rule about social media obviously applies here as well. This adds one more step to getting into the meeting, but the security enhancement is enormous.
If possible, always use a web browser to host or attend a meeting. After the dust settled and major platforms scaled up to meet the spike in use they all updated their apps with enhanced security. But your web browser has been leading the security charge on your laptop and desktop for many years. Transmissions through your web browser are generally considered safer as they add another level of encryption to the meeting.
Use the equivalent of a “waiting room.” This is yet one more layer of slight inconvenience but comes at the gain of total control to meeting access. Once an invitee joins with a password they must wait for the human host to allow them in. In the early goings of COVID, Zoom also got in trouble for not having this feature turned on as a meeting default. That has since changed with other platforms following suit, or at least installing this as an option.
Plan carefully what you want people to hear and see. There can be a casualness to the format of remote meetings that allows for all sorts of unintended noises, facts and information getting put out there a user might wish they could take back. While a flushing toilet might simply cause embarrassment, accidentally sharing your screen and a window you didn’t want to be seen could cause real problems. Avoid this by simply getting your thoughts and computer in order before putting on a nice shirt, combing your new COVID hair-do and getting to work.