Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Preventing Eavesdropping and Protecting Privacy on Virtual Meetings

Image of group meeting
Credit: Shutterstock

Conference calls and web meetings—virtual meetings—are a constant of modern work. And while many of us have become security-conscious in our online interactions, virtual meeting security is often an afterthought, at most. Who hasn’t been finishing one call when attendees of the next call start joining – because the access code is the same? In the moment it may be annoying, or even humorous, but imagine if you were discussing sensitive corporate (or personal) information. Unfortunately, if virtual meetings are not set up correctly, former coworkers, disgruntled employees, or hackers might be able to eavesdrop or disrupt them. Using some basic precautions can help ensure that your meetings are an opportunity to collaborate and work effectively – and not the genesis of a data breach or other embarrassing and costly security or privacy incident.

So…where to start? Most virtual meeting services have built-in security features, and many providers will give you some basic security suggestions. 

Click for printable version
Click for printable version.

Regardless of your provider, here are a few simple options for holding a secure virtual meeting:

  • Follow your organization’s policies for virtual meeting security.
  • Limit reuse of access codes; if you’ve used the same code for a while, you’ve probably shared it with more people than you can imagine or recall. 
  • If the topic is sensitive, use one-time PINs or meeting identifier codes, and consider multi-factor authentication.
  • Use a “green room” or “waiting room” and don’t allow the meeting to begin until the host joins. 
  • Enable notification when attendees join by playing a tone or announcing names. If this is not an option, make sure the meeting host asks new attendees to identify themselves.
  • If available, use a dashboard to monitor attendees – and identify all generic attendees.
  • Don’t record the meeting unless it’s necessary. 
  • If it’s a web meeting (with video):
    • Disable features you don’t need (like chat, file sharing, or screen sharing).
    • Consider using a PIN to prevent someone from crashing your meeting by guessing your URL or meeting ID.
    • Limit who can share their screen to avoid any unwanted or unexpected images.  And before anyone shares their screen, remind them not to share sensitive information inadvertently.

This list is not all-encompassing, nor must you use every tool for every virtual meeting. Know your organization’s policies, think about the sensitivity of the topics to be discussed, factor in the logistics of the meeting, and pick the measures that make sense for each situation. Remember to trust your own judgment!

 

Preventing Eavesdropping and Protecting Privacy on Virtual Meetings
Preventing Eavesdropping and Protecting Privacy on Virtual Meetings
Conference calls and web meetings—virtual meetings—are a constant of modern work. And while many of us have become security-conscious in our online interactions, virtual meeting security is often an afterthought, at most. Check out these tips from NIST on how to improve the security of your virtual meetings. Learn more on our blog: https://www.nist.gov/blogs/cybersecurity-insights/preventing-eavesdropp…

Where highly sensitive information may be shared, talk to a security professional first and take more precautions. Additional steps you should consider include:

  • Using only approved virtual meeting services using unique PINs or passwords for each attendee and instructing them not to share them.
  • Using a dashboard feature so you can see who all the attendees are at any time.
  • Locking the meeting once you have identified all the attendees and lines in use.
  • Allowing only hosts to share their screens.
  • Encrypting recordings, requiring a passphrase to decrypt them, and deleting recordings stored by the provider.
  • Conducting web meetings only on organization-issued devices.

NIST provides resources to assist employees while teleworking.  Those resources are available here.

About the author

Jeff Greene

Jeff Greene, former vice president of global government affairs and policy at Symantec, began a new role as director of the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) on February 3, 2020.

For several years, Greene has served as an appointed member of NIST’s Information Security and Privacy Advisory Board, and as a special government employee at NIST to support the President’s Commission on Enhancing National Cybersecurity. He also worked closely with NCCoE as a Symantec representative.
 

Comments

Sometimes, when joining a virtual meeting, the camera and microphone are turned on by default. Even with my laptop camera covered, I try to turn off the camera and microphone (in the virtual meeting application interface) prior to joining the meeting not only for privacy but also to stop any background noises from disrupting the meeting.

Very informative especially when web meetings have become a norm and necessity. Delighted to know about the green room and waiting room feature.

Very relevant in the current scenario.

This is an important information one must take care. There is high possibility of eavesdropping while using same login /password. Need utmost care and frequent changing of login credentials .

Very useful aide memoire as we all become to familiar and a little blasé about the next video or audio call. It also reminded me to refresh the pin on my local facility!

Add new comment

CAPTCHA
Image CAPTCHA
Enter the characters shown in the image.
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.
Please be respectful when posting comments. We will post all comments without editing as long as they are appropriate for a public, family friendly website, are on topic and do not contain profanity, personal attacks, misleading or false information/accusations or promote specific commercial products, services or organizations. Comments that violate our comment policy or include links to non-government organizations/web pages will not be posted.