COVID-19 Remote Operations

From CAPipedia

COVID-19 Remote Operations

For online training options Online_Training_Best_Practices

As individuals continue the transition to online lessons and meetings, the FBI recommends exercising due diligence and caution in your cybersecurity efforts.
Zoom is the most used video conferencing tool available and has some security issues. Zoom has pledged to fix some of the problems with security, but all the fixes are not in place yet. Here's link to the Zoom CEOs blog https://blog.zoom.us/wordpress/2020/04/01/a-message-to-our-users/
REMEMBER ZOOM IS NOT SECURE, PLEASE BE AWARE OF OPSEC --DO NOT DISCUSS THOSE ITEMS ON A ZOOM CALL Quick review of OPSEC
The following steps can be taken to mitigate teleconference hijacking threats:

  • Uninstall the Zoom client from all systems (Desktops, Laptops, and Mobile phones)
  • Use the “dial-in” feature if video services or screen sharing is not required, and use the “web-client”
  • Do not make meetings or classrooms public. In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature and control the admittance of guests.
  • Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post. Provide the link directly to specific people.
  • Manage screensharing options. In Zoom, change screensharing to “Host Only.”
  • Ensure users are using the updated version of remote access/meeting applications. In January 2020, Zoom updated their software. In their security update, the teleconference software provider added passwords by default for meetings and disabled the ability to randomly scan for meetings to join.
  • Lastly, ensure that your organization’s telework policy or guide addresses requirements for physical and information security.

Does your squadron/group or Wing have a TechSoup Account? www.techsoup.org. If you don't have an account, sign up for deeply discounted software, hardware and training.

December 2020 Zoom and Microsoft Teams Phishing Attacks

There are new Zoom (and Microsoft Teams) phishing attacks you need to watch out for. The Better Business Bureau has three great tips.

"Out of the blue, you receive an email, text, or social media message that includes Zoom’s logo and a message saying something like, ‘Your Zoom account has been suspended. Click here to reactivate.’ or ‘You missed a meeting, click here to see the details and reschedule,’"

You might even receive a message welcoming you to the platform and requesting you click on a link to activate your account. the BBB warned:

“Double check the sender’s information. Zoom.com and Zoom.us are the only official domains for Zoom. If an email comes from a similar-looking domain that doesn’t quite match the official domain name, it’s probably a scam. “Never click on links in unsolicited emails. Phishing scams always involve getting an unsuspecting individual to click on a link or file sent in an email that will download dangerous malware onto their computer. If you get an unsolicited email and you aren’t sure who it came from, never click on any links, files, or images it may contain. “Resolve issues directly. If you receive an email stating there is a problem with your account and you aren’t sure if it is legitimate, contact the company directly. Go to the official website by typing the name in your browser and find the ‘Contact Support’ feature to get help.” Remember: Think Before You Click." It is more important than ever these days." Stay Vigilant!

Online Storage

Google Drive

https://www.google.com/drive/

pCloud

https://www.pcloud.com/

Microsoft OneDrive

https://onedrive.live.com/

Dropbox

https://www.dropbox.com/

Video Conference Free

Some of the free options also have a paid option

Zoom Meeting

https://zoom.us/

Skype Meeting

https://www.skype.com/en/

FreeConference

https://www.conferencecalls.com

Google Hangouts

https://hangouts.google.com/

Cisco Webex

https://www.webex.com/

Microsoft Teams

https://products.office.com/en-US/microsoft-teams/group-chat-software Microsoft Has a free Non-profit option. This is takes a little work, but it is worth it.

Video Conference Paid

GoToMeeting

https://www.gotomeeting.com/

Microsoft Teams

https://products.office.com/en-US/microsoft-teams/group-chat-software

Zoom Meetings

https://zoom.us/

LifeSize

https://www.lifesize.com/

GoogleMeet

https://meet.google.com/

Cisco Webex

https://www.webex.com/

Zoom Safety Checklist

Before Meeting:

  • Disable autosaving chats
  • Disable file transfer
  • Disable screen sharing for non-hosts
  • Disable remote control
  • Disable annotations
  • Use per-meeting ID, not personal ID
  • Disable “Join Before Host”
  • Enable “Waiting Room”

During Meeting:

  • Assign at least two co-hosts
  • Mute all participants
  • Lock the meeting, if all attendees are present

Tips for Staying Secure Using GoToMeeting

  • As cases of Coronavirus (COVID-19) continue to spread across the globe, more and more people are shifting to remote work. With this global shift, there are increased cyber and phishing attacks, scammers, fake websites, and more. GoToMeeting uses robust encryption mechanisms and protocols designed to ensure the confidentiality, integrity, and authenticity for data that is transmitted between LogMeIn and users and stored within LogMeIn. While we are actively tracking COVID-19 related malicious activity, there are additional measures you can take to stay secure while working and meeting remote.

What you can do for additional GoToMeeting security

  • Password protect your meetings. Require attendees to enter a meeting password when they join. For security reasons, GoToMeeting does not send the password for you - you must include the password in the meeting invite or send it to attendees in other ways (email, chat, etc.). If you plan to record a password-protected meeting, it'll be saved locally to your computer even if you have cloud recording enabled. Learn more.
  • Lock your meeting once you're in session. To prevent unexpected attendees from joining your current session, lock your meeting. You'll be notified when an attendee attempts to join and can easily connect all waiting attendees to the meeting by unlocking. Learn more.
  • Dismiss attendees you don't recognize. If there is an unidentified attendee or a name you don't recognize, excuse them. They will immediately be removed from the session and notified. Learn more.
  • Give recording access to specific people. For full control over your recording, enter email addresses of those who can view your meeting recording. To view, those users will have to enter their email address and a 6-digit confirmation code. This can be done at an account level or per recording. Learn more.
  • Share specific content of your recording. Include and exclude specific content (video, transcription, notes, session info) in your shared meeting recording. Learn more.
  • Set an expiration date on your recording. For security purposes, your recording link expires after 7 days by default. Change the expiration date to expire after one day up to one year. Once expired, no one will be able to access the recording besides you (the organizer). Learn more.
  • Use a new meeting ID. For confidential meetings, schedule a one-time meeting rather than a recurring meeting room. This will generate a new meeting ID and dial-in audio information.

Office 365

Office365