NCSC Publishes Guidance to Secure Online Meetings for Small‑and‑Medium Enterprises
What Happened — The UK National Cyber Security Centre (NCSC) released a practical guide titled “How to secure your online meetings”. The document targets small‑ and medium‑sized organisations (SMEs) and outlines step‑by‑step controls for selecting, configuring, and operating video‑conference platforms safely.
Why It Matters for TPRM —
- Online meeting services are a common third‑party SaaS used across all sectors; insecure configurations can expose confidential business data.
- Weak account hygiene or mis‑configured meeting links are a frequent entry point for phishing, credential stuffing, and ransomware delivery.
- Vendors that host meeting platforms may become a supply‑chain risk if their security posture is not verified against best‑practice controls.
Who Is Affected — All industries that rely on remote collaboration, especially professional services, finance, healthcare, and education that use third‑party video‑conference tools.
Recommended Actions —
- Review contracts and security questionnaires for any online‑meeting SaaS providers.
- Verify that the provider supports strong authentication (2SV/passkeys) and regular patching.
- Ensure your organisation enforces meeting‑access controls (waiting rooms, passcodes, authenticated‑only joins).
- Incorporate the NCSC checklist into your vendor‑risk assessment framework and audit compliance annually.
Technical Notes — The guidance does not reference a specific vulnerability; it focuses on hardening practices such as: strong, unique passwords; two‑step verification; app‑level updates; restricting meeting links; and managing data retention for recordings, transcripts, and AI‑driven assistants. Source: https://www.ncsc.gov.uk/guidance/how-to-secure-your-online-meetings