Teltek Systems Telecom’s Security Best Practices for MaX UC & MaX Meeting
In response to potential concerns about security when using soft phones and web meeting services, Teltek is providing best practice recommendations for our MaX UC and MaX Meeting services.
Keep Up to Date
Update installed versions of the MaX UC Desktop, Mobile, and Meeting app to ensure known issues are fixed, lowering the risk of compromise. We push updates to the mobile apps and notify users to update their desktop clients. If you’ve ignored these notifications or aren’t sure that you’ve got the latest version, you can check by clicking “Help” and “Check for Updates.” If a new version exists, please update as directed.
Use Passwords to Protect Your Meeting
You may have heard about “Zoom Bombing”. This occurs when uninvited guests barge into a web meeting or chat that’s not password protected. People often post Zoom meeting numbers online, and without any protection, Zoom Bombers can enter private meetings. We’re not aware of any Zoom Bombing attempts against MaX Meeting users, and MaX Meeting was not affected by the reported Facebook or LinkedIn issues.
To counter these breaches at a minimum:
- Never share the link or MaX Meeting ID on public platforms.
- Avoid using the personal meeting ID.
- Allow MaX Meeting to generate a random ID for each meeting.
Also consider these additional precautions:
- Enable the option: “Require a password when scheduling new meetings.”
- Enable the option: “Require a password for instant meetings.”
- Disable the option: “Embed password in meeting link for one-click join.”
- Enable the option: “Require password for participants joining by phone.”
Share the Password Securely
When using MaX Meeting, don’t post the password on the public web or social sites as this defeats the purpose of using a password. Do not share data such as ID, passwords or pictures of your meetings publicly.
Use Waiting Rooms
Another way to stop Zoom Bombers from entering your chat or meeting is to use waiting rooms, which allows the host to screen everyone entering the meeting to ensure no one uninvited can get in.
Use the waiting room functionality as a host combined with a meeting password for attendees, along with setting screen-sharing functions to “host-only” for maximum security.
It’s also a good idea for hosts to manage meeting participants. To do that, you should ensure you are the only host. You also can control the camera and mute options as well as ensure participants can’t share their screen without approval.
Once in a meeting, Presenters can lock a meeting so that no others can join.
To do this click on “Manage Participants.” This will expose a view of the participants and the ability to manage them. On the bottom right, click “More,” then choose “Lock Meeting.”
Use MaX Meeting Advanced Settings:
- Start Meeting when Host Video is on
- Generate and require a password for participants joining by phone
- Mute participants automatically
- End-to-end Encryption
- Allow the host to put attendees on hold
- Break Out Rooms (Note: Remote Support must be disabled to enable Break Rooms)
- Waiting Room
Suggested Advanced Settings Example
Show a “Join from your browser” Link
Allow participants to bypass the Meeting application download process and join a meeting directly from their browser. This allows for participants who are unable to download, install, or run applications. Note that the meeting experience from the browser is limited.
Try to Avoid the Free Version of Zoom for Business Use
If you’re using the free version, there is certain data you might be sharing. Individuals using the free version are not be able to choose which countries their calls are going through. In addition, meetings with more than two people are limited to 40 minutes. MaX Meeting for 4, 10, 25, and 100 users is free until the end of June.
Teltek does not share or sell information of any kind. We are held to a high standard in the telecommunications industry and Teltekt meets full CPNI compliance requirements including annual training.
Information on CPNI is located at the FCC’s website at the link below: