Covid-19 and the sudden shift to a mobile workforce have thrust videoconferencing solutions like Zoom into the global spotlight and moved it from being a communication tool almost into critical infrastructure consideration.
But, Zoom has been in the spotlight for the wrong reasons recently.
It first came under fire following security concerns raised by The Washington Post who said that thousands of Zoom videos could be viewed online through a simple online search because Zoom named every video recording in an identical way. One search for these recordings apparently revealed more than 15,000 results.
Zoom has also been in the spotlight due to several high-profile hacks where some video feeds were hijacked to show pornography. Concerns over Zoom’s security have led to it being banned for use in Singapore schools and by the Taiwanese Government.
But, is all really lost?
The team from Hardware Zone (a fellow SPH Magazines title) spoke to Tom Kellermann, Head Cybersecurity Strategist at VMware Carbon Black, who highlighted a few best practices to help boost security while using Zoom or other videoconferencing tools.
Here are some of his high-level tips to help keep videoconferencing secure:
- Update the application. Videoconferencing providers are regularly deploying software updates to ensure that security holes are mitigated. Take advantage of their diligence and update the app prior to using it every time.
- Lock meetings down and set a strong password. Make sure that only invited attendees can join a meeting. Using passwords that are full sentences with special characters included, rather than just words or numbers, can be helpful. Make sure you are not sharing the password widely, especially in public places and never on social media. Waiting room features are critical for privacy as the meeting host can serve as a final triage to make sure only invited participants are attending. Within the meeting, the host can restrict sharing privileges, leading to smoother meetings and ensuring that uninvited guests are not nefariously sharing materials.
- Use code words. If sensitive material must be discussed, ensure that the meeting name does not suggest it is a top-secret meeting, which would make it a more attractive target for potential eavesdroppers. Using code words to depict business topics is recommended during the cybercrime wave we are experiencing.
- Restrict the sharing of sensitive files to approved file-share technologies, not as part of the meeting itself. Using a sharing site that only attendees have access to (and ideally has multi-factor authentication in place) is a great way to make sure sensitive files touch the right eyes only. This should be mandated as this is a huge Achilles heel.
- Use a VPN to protect network traffic while using the platform. With so many employees working remotely, using a virtual private network (VPN) can help better secure internet connections and keep private information private via encryption. Public Wi-Fi can be a gamble as it only takes one malicious actor to cause damage. Do not use public Wi-Fi, especially in airports or train stations. Cybercriminals lurk in those locations.
- If you can, utilise two networks on your home Wi-Fi router, one for business and the other for personal use. Make sure that your work computer is only connected to a unique network in your home. All other personal devices – including your family’s – should not be using the same network. The networks and routers in your home should be updated regularly and, again, should use a complex password. Additionally, you should be the only system administrator on your network and all devices that connect to it.
At the end of the day, everyone has a role to play in mitigating the cybercrime wave. Just remember these best practices the next time you connect. (For those still wary of Zoom, here are some alternatives.)
By Ken Wong, Hardware Zone, April 2020
More on The Finder: