UPDATE: FBI Recommends Caution When Using Video-Teleconferencing Platforms, such as Zoom

By: Katie Lay


The FBI Released Steps that can be Taken to Mitigate Teleconferencing Hijacking Threats

As many Americans are now working from home, companies have been utilizing video-teleconferencing (VTC) platforms to host virtual meetings. In the last couple of weeks, reports of VTC hijacking or "Zoom-bombing" have emerged across the country. The FBI has received reports of conferences being interrupted by pornographic and/or hate images and threatening language. While much of the country remains under shelter-in-place orders, many people continue to rely on VTC platforms to perform their daily job duties. So, what can you do to help protect yourself and your co-workers from a VTC hijacking?

The FBI released the following steps that can be taken to mitigate teleconferencing hijacking threats:

  • Do not make meetings or classrooms public. In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature and control the admittance of guests.
  • Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post. Provide the link directly to specific people.
  • Manage screensharing options. In Zoom, change screensharing to “Host Only.”
  • Ensure users are using the updated version of remote access/meeting applications. In January 2020, Zoom updated their software. In their security update, the teleconference software provider added passwords by default for meetings and disabled the ability to randomly scan for meetings to join.
  • Ensure that your organization’s telework policy or guide addresses requirements for physical and information security.

The Office for Civil Rights (OCR) at the Department of Health and Human Services (HHS) recognizes COVID-19 as a nationwide public health emergency. OCR will exercise its enforcement discretion and will not impose penalties for noncompliance with the regulatory requirements under the HIPAA Rules against health care providers in connection with the good faith provision of telehealth during the COVID-19 nationwide public health emergency.

Working productively from home requires extra measures to ensure you are protecting yourself, your company, and your data as best you can. While it is difficult to be secure 100% of the time, you can implement the steps above to help guard against teleconferencing hijacking.

Should you have any questions or need assistance with HIPAA or OSHA/Infection Control, please call us at 800.334.6071 or email info@layercompliance.com. You can also visit our COVID-19 resource page for more helpful updates.