Chances Are – You Have Been On A Zoom Conference
In The Last Few Weeks – But Is It Secure?
The short answer to this is – maybe 🙂 . If you have paid attention to the news (and who hasn’t in the last few weeks) you are probably aware of some significant security concerns with Zoom conferencing software and related services. However the question many people have is – how concerned should I be and how do I secure it?
Summary of the Risks
In a nutshell here are the main risks that have been brought up ;
- Zoombombing – a scenario where unwanted attendees are able to intrude upon a meeting and introduce unwanted audio, comments, or pictures effectively disrupting the meeting.
- Potential for your Windows credentials to be leaked through a Zoom conference
- No true end to end encryption of calls
- Unintended and/or unwanted additional software or code being installed with Zoom
How can you address these risks?
In order of the risks listed;
– Zoombombing – this was exploited by either not having a password for the meeting set or sharing the password publicly. Zoom has since made it the default for all meetings to have a password assigned. Unless you remove the password manually in the meeting setup, you should be OK.
HERE IS A LINK ON INSTRUCTIONS FOR PASSWORD SECURITY FOR MEETINGS.
The second part of this is if you share your meeting publicly, anyone will automatically have the password. We get it… sometimes you want to host a public meeting that anyone can join. For those instances Zoom has the ability to require registration to attend the meeting. This means that all users must give you their information to attend.
HERE IS A LINK FOR INSTRUCTIONS ON HOW TO REQUIRE REGISTRATION FOR ZOOM MEETINGS .
In addition to this you can enable the “Waiting Room” feature that puts all attendees in a virtual waiting room that requires you to manually admit them to the conference. While there is still the potential for a malicious attendee to register and join the meeting through the waiting room – it removes the conference as “low hanging fruit” for those wanting to disrupt.
HERE IS A LINK FOR INSTRUCTIONS FOR THE ZOOM WAITING ROOM FEATURE
– Potential for Windows credentials to be leaked – This vulnerability stems from a malicious attendee enticing others to click on a link in the chat window of a Zoom conference. The simplest way to address this is make sure(just as you would with email, online platforms, texts etc.) that you don’t click on links that are unexpected or from users you don’t know. There are some backend fixes that your I.T. department can deploy but seriously – don’t click on things that you don’t know what they are 🙂
– No end to end encryption of calls. Unfortunately at this point that is still a limitation of the Zoom platform. What this means is that there is the POTENTIAL for your call to be intercepted at the Zoom hub – but not by any other point in between. While the chances of that are very limited, the possibility does exist and given the discovery that some calls were recently routed through China, it is cause for concern for any complex security requirement or organizations with sensitive information on the calls.
– Unintended/unwanted software installed with Zoom. Again this goes back to the platform itself and a function of the actual installer. Zoom, for the most part, since there has been a heightened awareness of security concerns, is addressing those concerns daily and has committed to making security one of its priorities for the next few months.
Other Recommendations to Help Secure Meetings
These are normal security recommendations but have become more and more important as it relates to securing whatever video conferencing solution you are using;
- Don’t ever, ever, EVER reuse passwords between sites/services. Statistics show that over 70% of users use the same password on multiple sites and services!! Seriously…PLEASE stop doing that! Make it a priority today to change those passwords!
- Turn on two factor/multi-factor authentication for your accounts on any account that supports it. Its easy and and free – take advantage of it. HERE IS A LINK ON HOW TO TURN ON MULTI-FACTOR AUTHENTICATION FOR ZOOM
- Use a password manager to encourage the use of strong/complex and individual passwords for different accounts/services. DaZZee has an inexpensive option for this as well
- Train your end users on security awareness – statistics show that if you implement ongoing monthly end-user security awareness training you can reduce the occurrences of end-user initiated security incidents by up to 90%! If you need a solution for Security Awareness Training – DaZZee will even provide a free annual training for your organization!
What are the other options for video conferencing?
While with any software solution that has explosive growth like Zoom has had over the last 30 days – there are bound to be security issues raised with the increased usage and focus. Nothing is 100% secure nor will it ever be.
But each organization must make the decision to weigh the risks associated with tools and platforms they will use. Fortunately there are several very robust video conferencing solutions available;
Microsoft Teams – The good news is that if you are already an Office 365 subscriber, your subscription most likely already includes this very powerful messaging and conferencing solution. If you are not an Office 365 subscriber yet – you can get a free trial account for 6 months. If you don’t want the whole Office suite – Microsoft Teams by itself has a free version as well.
Cisco Webex – Webex has been in the video conferencing game for a long time and has a TON of features. Now Webex has a free account that covers you up to 100 attendees with no time limits on the conference.
Google Meet – If you are a Google G Suite or G Suite for Schools user – now Google Meet is free until September 30th 2020.
The Good News
The good news is that while there may be some security concerns around any software, the ease of use and availability of video conferencing has enabled millions of users to work from anywhere and most importantly, enabled many of us to work from home safely. So hats off to all video conference providers for keeping our businesses and organizations running and working from anywhere! With some good security practices and attention to detail – you CAN work remotely and get through these unprecedented times!
As always, if you have questions or concerns, DaZZee is here for you. :
Recent Posts
- The end of an era: Goodbye WordPad
- Beware these “too good to be true” Facebook ads
- Tempted to test new features before everyone else? DON’T BE!
- And breathe… the “file too large to send” problem is over
- Microsoft and Samsung team up to boost work phone security
- Is that Microsoft email actually a phishing attack?
- Google Calendar has a great update for hybrid workers