COVID-19 Remote Operations

From CAPipedia
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

COVID-19 Remote Operations

For online training options Online_Training_Best_Practices

As individuals continue the transition to online lessons and meetings, the FBI recommends exercising due diligence and caution in your cybersecurity efforts.
Zoom is the most used video conferencing tool available and has some security issues. Zoom has pledged to fix some of the problems with security, but all the fixes are not in place yet. Here's link to the Zoom CEOs blog https://blog.zoom.us/wordpress/2020/04/01/a-message-to-our-users/
REMEMBER ZOOM IS NOT SECURE, PLEASE BE AWARE OF OPSEC --DO NOT DISCUSS THOSE ITEMS ON A ZOOM CALL Quick review of OPSEC
The following steps can be taken to mitigate teleconference hijacking threats:

  • Uninstall the Zoom client from all systems (Desktops, Laptops, and Mobile phones)
  • Use the “dial-in” feature if video services or screen sharing is not required, and use the “web-client”
  • Do not make meetings or classrooms public. In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature and control the admittance of guests.
  • Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post. Provide the link directly to specific people.
  • Manage screensharing options. In Zoom, change screensharing to “Host Only.”
  • Ensure users are using the updated version of remote access/meeting applications. In January 2020, Zoom updated their software. In their security update, the teleconference software provider added passwords by default for meetings and disabled the ability to randomly scan for meetings to join.
  • Lastly, ensure that your organization’s telework policy or guide addresses requirements for physical and information security.

Does your squadron/group or Wing have a TechSoup Account? www.techsoup.org. If you don't have an account, sign up for deeply discounted software, hardware and training.

Online Storage

Google Drive

https://www.google.com/drive/

pCloud

https://www.pcloud.com/

Microsoft OneDrive

https://onedrive.live.com/

Dropbox

https://www.dropbox.com/

Video Conference Free

Some of the free options also have a paid option

Zoom Meeting

https://zoom.us/

Skype Meeting

https://www.skype.com/en/

FreeConference

https://www.conferencecalls.com

Google Hangouts

https://hangouts.google.com/

Cisco Webex

https://www.webex.com/

Microsoft Teams

https://products.office.com/en-US/microsoft-teams/group-chat-software Microsoft Has a free Non-profit option. This is takes a little work, but it is worth it.

Video Conference Paid

GoToMeeting

https://www.gotomeeting.com/

Microsoft Teams

https://products.office.com/en-US/microsoft-teams/group-chat-software

Zoom Meetings

https://zoom.us/

LifeSize

https://www.lifesize.com/

GoogleMeet

https://meet.google.com/

Cisco Webex

https://www.webex.com/

Zoom Safety Checklist

Before Meeting:

  • Disable autosaving chats
  • Disable file transfer
  • Disable screen sharing for non-hosts
  • Disable remote control
  • Disable annotations
  • Use per-meeting ID, not personal ID
  • Disable “Join Before Host”
  • Enable “Waiting Room”

During Meeting:

  • Assign at least two co-hosts
  • Mute all participants
  • Lock the meeting, if all attendees are present

Tips for Staying Secure Using GoToMeeting

  • As cases of Coronavirus (COVID-19) continue to spread across the globe, more and more people are shifting to remote work. With this global shift, there are increased cyber and phishing attacks, scammers, fake websites, and more. GoToMeeting uses robust encryption mechanisms and protocols designed to ensure the confidentiality, integrity, and authenticity for data that is transmitted between LogMeIn and users and stored within LogMeIn. While we are actively tracking COVID-19 related malicious activity, there are additional measures you can take to stay secure while working and meeting remote.

What you can do for additional GoToMeeting security

  • Password protect your meetings. Require attendees to enter a meeting password when they join. For security reasons, GoToMeeting does not send the password for you - you must include the password in the meeting invite or send it to attendees in other ways (email, chat, etc.). If you plan to record a password-protected meeting, it'll be saved locally to your computer even if you have cloud recording enabled. Learn more.
  • Lock your meeting once you're in session. To prevent unexpected attendees from joining your current session, lock your meeting. You'll be notified when an attendee attempts to join and can easily connect all waiting attendees to the meeting by unlocking. Learn more.
  • Dismiss attendees you don't recognize. If there is an unidentified attendee or a name you don't recognize, excuse them. They will immediately be removed from the session and notified. Learn more.
  • Give recording access to specific people. For full control over your recording, enter email addresses of those who can view your meeting recording. To view, those users will have to enter their email address and a 6-digit confirmation code. This can be done at an account level or per recording. Learn more.
  • Share specific content of your recording. Include and exclude specific content (video, transcription, notes, session info) in your shared meeting recording. Learn more.

Set an expiration date on your recording. For security purposes, your recording link expires after 7 days by default. Change the expiration date to expire after one day up to one year. Once expired, no one will be able to access the recording besides you (the organizer). Learn more.

  • Use a new meeting ID. For confidential meetings, schedule a one-time meeting rather than a recurring meeting room. This will generate a new meeting ID and dial-in audio information.