It’s all over the news. Hackers storming online classrooms, board meetings, yoga classes and even happy hours in search of ‘video-bombing’ or disrupting your next online video conference with mayhem.
Over the past few weeks, Zoom video conferencing has exploded. Today, the platform is seeing the likes of 200 million users a day (compared to almost 10 million before this COVID-19 crisis began).
With that increase of daily traffic, so too comes all sorts of security problems beyond mayhem seekers looking to ruin your next conference.
This begs the question: is Zoom safe for work?
My short answer is yes. But I do want to get into a bit more detail why you need to make sure you team is protecting themselves when working remote today even more so than a few weeks ago.
The truth is our work environment has changed so much in the past couple of weeks that hackers are looking for new opportunities to break in. If you and your teams aren’t careful, criminals will have an easier time breaking in now than they would have in your normal office setting.
Zoom—amongst many other remote working tools on the market—were never designed around securing your teams. Rather they were initially designed and used because teams needed a way of connecting between offices.
Video conferences as a whole was never designed exclusively for at-home work. And neither were many of the products your teams are using.
The laundry list of issues arising with Zoom:
Privacy Issues—Zoom’s privacy policy recently came under fire for making it easy for 3rd party companies to retain and sell information about your—information like videos, transcripts and shared notes. As the company started dealing with outcries to their lax privacy policy, they’ve moved to tighten their policies around your privacy, specifying that it doesn’t use data from your meetings from advertising (it still notes that it uses any data from their website for marketing and market research).
Some other privacy-related issues that Zoom fixed this past week include data sharing with Facebook from the mobile Zoom app and attendee tracking information.
Videos stored on public access sites—researchers also found that some Zoom video recordings—those recording that you have the option to record prior to starting your meeting—were being stored wide-open on Amazon. This might be concerning if you are discussing confidential information on your calls or have concerns of information disclosure.
Security flaws—security researchers discovered a flaw in the Windows application, making it vulnerable to code injection to steal your Windows login credentials and execute commands on your system. Zoom issued a patch for this bug on April 2 (you will want to make sure that your users are up to date on their Zoom version).
While Zoom has assured its users of end to end protection, recent findings by security analysts showed that many Zoom conferences were being transmitted to servers in places like China (where endpoint protection might not be securing your conference video and other related information).
Fake websites—one of the biggest security risks to your business in my opinion is one of the biggest risks to your network security. Hackers are spoofing websites like Zoom.com and Gotomeeting.com in effort to lure typo-prone remote workers to their fake sites. The sites mimic the legit site in look and even functionality.
When you or someone on your team visits one of these fake sites and download the Zoom.exe file to start a video conference, what they don’t realize is that in the background, a ransomware or keylogger virus is collecting your information and looking for the best time to shut down all of your files.
During COVID-19, cybercriminals are hitting back harder. They’re looking for the easy loopholes in your remote tools and the lack of defenses from your now home-based users that make getting into corporate networks even easier.
Hackers understand that their window is during the quarantine or shelter-in-place period where all—or at least most—of your employees are forced to not come into your offices. NOW is the moment hackers are seizing the day on easy ins to your network.
How can you make Zoom more secure for your teams?
Password protect— to avoid mischievous activity from ‘Zoom-bombers’, make sure your meetings are password protected. Hackers will seek out the low hanging easy fruit if they’re stirring for some conference call disruption.
Save recording on a different platform local to your machine—to avoid data breaches related to video files stored in unsecured places, opt to record your meetings in house and store the recordings in a secure place afterwards. We often assume that everyone is securing our data, but when you scratch the surface, most aren’t. Better take the mantra of being safe—especially if you don’t want your videos shared online.
Train your team to install executable installers well-before the meeting—get your teams in the habit of having their tools installed prior to arriving at a meeting. If you have an IT provider or team, make sure that they install the applications your team needs instead of relying on team members to install their own apps.
So….To answer the question above, is Zoom safe or not?
To give Zoom credit, they never were designed or promised the security we now expect of the platform and the Zoom team has made big strides in short periods of time to try and shore up security weaknesses no one ever thought to point out before.
I would say Zoom and other tools are safe enough to use IF you are keeping your team members conscious of their risks with at-home work.
One of the easiest ways? Sign your team up for a FREE cybersecurity at home checkup. Why not know where your weaknesses are rather than having to wait for someone in an article like this to key you in?
