In the midst of the coronavirus outbreak, local and state governments in the U.S. have instituted shelter-in-place orders, quarantines and lockdowns. As a result, video chat programs have skyrocketed in popularity as people work from home and try to coordinate meetings digitally.
Zoom has become the most popular of the video chat apps. Unfortunately, Zoom’s security flaws like, “Zoombombing” and built in tracking features made it less than ideal for businesses and employees that want to keep themselves as safe as possible.
It has also been subject to a number of scandals and lawsuits due to these security issues and CEO Yaun has since stated Zoom will freeze features updates to address issues.
Data Issues & Privacy
Another big issue is Zoom was not end-to-end encrypted. They are “transport encrypted, meaning data is accessible to Zoom. Furthermore, user emails, files and photos were being leaked
Here are some vulnerabilities to keep in mind while using video conference and a few things you can do to avoid them.
As mentioned previously, zoombombing is one of the issues Zoom has with its video chat app. It’s when users of Zoom get their meetings highjacked by outside actors during a video conference. This is a type of cyber attack that’s proving increasingly more dangerous as schools, universities and private companies are jumping on platform to continue their work.
To protect yourself and your business from “Zoom bombing”, the FBI recommends the following safety measures:
- Ensure meetings are private. This is achieved by either requiring a password for entry or controlling guest access from a waiting room.
- Consider your security requirements when choosing a service. If you need end-to-end encryption, verify that the videoconference service has it.
- Ensure software is updated. Using an older version of the app could leave you open to a security breach.
As you can see, this doesn’t only apply to Zoom alone. These tips are applicable to all video conference services. However, the two most used applications now are Zoom and Microsoft Teams.
Use a Domain Based Approach
A domain based approach to security in video conferencing allows system administrators to assign different levels of permission to users. This is achieved either by the video conference service or in house IT. This means if a hacker attempts to video call someone in the company, the hacker will have to wait until someone with the relevant credentials signs on and grants him access.
Selling Your Data
Like Facebook, Zoom has been caught with its hands in the cookie jar when it comes to user data. According to an article by Vice motherboard, Zoom sends user data to Facebook regardless of the user having a Facebook account.
Zoom uses Facebook’s software development kit to employ features into their apps in an easier way. However, this has the added result of sending data to Facebook. For Zoom users, that means Facebook knows whenever a user opened Zoom and from which device it was accessed. Moreover, if a user is using a phone it would tell Facebook what carrier they had, their location and their unique advertising identifier.
Motherboard reported Zoom would stop sending certain data to Facebook.
In this case, either use a different Video Conference app that guarantees end-to-end encryption. If you’re using Zoom, review your security setting and try minimizing permission to access as much as possible.
Put a Video Conference Policy In Place
A video conference policy lets you set expectations and limits when using a video conference app like Zoom or Microsoft Teams. Companies should outline specific protocols for using Video conferencing that address the following questions:
- Who gets permission to record a video conference from everyone on the call? Can recording be done?
- Can personal mobile devices be used on a conference call? If so when and under what circumstances?
- When can sensitive information be discussed and with whom?
- When and how should the cameras be used?
- When and how should microphones be used?
- Who gets remote control access to cameras and who doesn’t?
When using Video Conferencing
Remember to address employees and co-workers cordially, keeping in mind safe practices and procedures as if you were in office. Video conferencing applications are a useful tool but they aren’t perfect and should be used with caution.