CIT developed a guide on security and privacy best practices, plus a cheat sheet for users. It shows which conferencing tool is best for a meeting’s specific needs based on the number of users; the tool’s features, such as closed captioning; and whether the meeting is a one-way stream or an interactive session. The IT staff also scheduled training sessions on how to set up and use videoconferencing apps.
Because the training sessions were so popular — “it was like trying to get your kids into a camp or to buy concert tickets,” Alboum says — CIT recorded one for people who couldn’t attend.
In the spring, NIH Director Dr. Francis Collins wanted to hold a virtual town hall meeting, but the agency’s existing conferencing tools could not handle the entire workforce. Cisco came through with Vbrick’s Rev platform that successfully streamed the one-hour meeting and interactive Q&A session to 23,000 attendees.
Overall, Alboum says, “the tools have been stable and have supported record-breaking usage.”
In March, when it became clear that government, education and the private sector would rely on telework to continue operations, Greene at NCCoE thought about his past virtual meeting practices and realized he was lax on security, frequently using the same dial-in numbers.
He spoke to colleagues, who told him that few people were thinking about videoconferencing security and encouraged him to write about best practices. So, he wrote two blog posts providing advice on how to ensure security and privacy for virtual meetings.
“It’s changing the mindset of having a conversation or having a meeting to ‘this is a data exchange, and you need to treat it like any other data exchange,’” he says.
MORE FROM FEDTECH: Discover how to make telework a success at your agency.
Best Practices for Virtual Meetings
Greene follows his own advice when he sets up videoconferences. First, he decides how sensitive a meeting is (low, medium or high sensitivity) to determine which security measures he should apply.
For a public meeting, he limits who can share their screens and automatically mutes people. For more sensitive meetings, he uses new dial-in numbers or one-time meeting codes.
NIST standardizes on several videoconferencing apps. Through a dashboard, he checks who joins. And if the meeting is extremely sensitive, he uses a “greenroom,” or waiting room, and admits participants individually.
“It takes time, but it allows you to keep control of who’s on there,” he says.
During the early months of the pandemic, Greene attended phone and videoconferences daily with colleagues, other agencies and industry partners.
Overall, his team has remained productive, working with tech vendors, academic institutions and other agencies on projects such as 5G security, post-quantum cryptography and developing a zero-trust architecture.
“We’ve adapted to working from home, and we’re moving along at a pace that’s comparable to before,” he says. “We’re finding more ways to get things done.”