International Standards and Conformity Assessment for all electrical, electronic and related technologies

IEC virtual meetings security and best practices

Last update: 28th April 2020

 

1. Background

In this pandemic period, many governments have restricted the mobility of their populations and most of the IEC groups are holding virtual meetings using the Zoom tool provided by the IEC.
Earlier this month, a number of media reports pointed out that potential security and privacy issues had been identified concerning Zoom software. IEC immediately informed all registered users of IEC Zoom accounts.
As the security of our users is of utmost importance, IEC is pleased to note that many of the reported issues were addressed and rectified very quickly by Zoom. IEC has also implemented new default settings in support of recommended best practices for the security of Zoom meetings.

 

2. Revised IEC default Zoom settings

The changes made in the IEC default Zoom settings are the following.

  • Meeting passwords are required: an encrypted password is automatically embedded in the meeting link, so clicking the link takes participants directly to the meeting. There is no need to manually enter the password.
  • On starting a meeting, screen sharing is enabled only for the host: to allow other participants to share their screens the host can now use the Security button and click ‘Allow participants to Share Screen’ (see image below). It is no longer necessary to grant co-host privileges to other participants to allow them to share their screens:

     

  • Mute participants upon entry is enabled: participants are muted by default when they join a meeting. Participants are able to unmute themselves to speak.
  • Join before meeting has been disabled: participants can join a meeting only after the host has joined. We recommend that meeting hosts connect at least 10 minutes prior to the start of the meeting.
  • Meeting recording authorization is required: Hosts must request approval from participants before recording meetings.
  • Cloud recordings have been disabled: Only hosts can now make local recordings of meetings after participants’ approval as described above.
  • File transfer in chats has been disabled.
  • Allow users to sign in with a Facebook or Google account has been disabled.
  • Annotation has been disabled. Hosts can reactivate this in settings.

 

All Zoom users are also asked to ensure that they are working with the latest version of Zoom software. Users may either open the Zoom client and then click on the ‘Check for Updates’ option, or alternatively download the latest software directly from the Zoom web site: Download

 

Any newly scheduled Zoom meeting will use these default settings. Some of these settings may not be modified, but users may customize other settings to suit their needs. Further information is provided in the IEC virtual meetings guide (see 4).

 

3. Zoom usage restrictions by some organisations

In view of the risk mitigation measures that have been undertaken, Zoom remains the solution that IEC recommends, supports, and continues to provide free of charge to eligible members of our community for online technical and governance meetings.
However, we understand that some organisations have implemented policies that currently prevent their employees from using Zoom web conferencing. Where policies only restrict usage of the Zoom desktop client, participants may still be able to use one of these alternative ways of joining a Zoom meeting:

  • Phone dial-in
  • Use of the Zoom mobile application
  • Use of the Zoom web client

 

In cases where none of the above is possible, meeting organizers may choose to use a temporary alternative web conferencing solution such as Webex (free accounts are currently available at Webex supporting up to 100 participants and unlimited meeting duration), GoToMeeting, Skype or Microsoft Teams. This listing is provided for guidance only. Please note that IEC does not endorse or support the usage of any specific alternative solutions.

 

4. Revised IEC virtual meetings guide

The IEC virtual meetings guide, available on the IEC web site, has been updated and revised to provide additional information, and in particular some practical tips about the use of Zoom for the needs inherent in the management of technical meetings: IEC virtual meetings guide

 

Information on Zoom usage for IEC is subject to regular updates. Current information can always be found on this page.