TODAY'S PAPER
65° Good Morning
65° Good Morning
BusinessCoronavirus

Small Business: Video conferencing comes with security risks

Beth Granger, second from left at top, a

Beth Granger, second from left at top, a Port Washington-based LinkedIn and social media trainer, consultant and speaker, takes additional security measures since getting Zoombombed in late March.  Credit: Beth Granger

Video conferencing has become a way of life for most businesses since the pandemic.

While it’s now a necessary lifeline to communicate with employees and clients, it also poses its own security risks.

Incidents like “Zoombombing” have made recent headlines and as the platform works to address security issues, businesses should  take safety measures including adjusting security settings.

“Cybercriminals look for low-hanging fruit,” says Gabriel Friedlander, chief executive of Boston-based Wizer Inc., a security awareness training firm.

In particular, they look for the most widely used platforms to target, which is why Zoom has been a common target, he says.

This has become a bigger issue as communication channels are changing post-pandemic with the increase in videoconferencing usage, says Friedlander.

Zoom daily meeting participants have skyrocketed to over 300 million, making it a prime target for hackers, which has led to such incidents as Zoombombing, where unwanted guests crash a meeting. But data security and privacy are also issues if the wrong person gets access to a meeting, says Friedlander, who offers security tips via slideshow at https://tinyurl.com/yc8nsn7o 

Hopefully those issues will become less as companies address vulnerabilities. For instance, Microsoft Teams proactively fixed a vulnerability in its own platform recently (see https://tinyurl.com/ycsssrmc).

 Zoom is also addressing issues, say experts.

“The company is taking the latest security/privacy concerns very seriously, and is now devoting 100% of their development time to fixing any security and privacy issues,” says Reza Zaheri, founder of 1:M Cyber Security, a Santa Monica, Calif.-based cybersecurity training firm.

They have even gone “as far as hiring several cyber security industry heavyweights … to help lead these remediation efforts … so bravo to them for stepping up like that,” he says.

Zoom has addressed security in several blog posts including https://tinyurl.com/wpapka4 and https://tinyurl.com/wknedpv 

In a statement to Newsday, Zoom stated: “Zoom takes user privacy, security, and trust extremely seriously,” adding, in regard to Zoombombing “Zoom strongly condemns such behavior and recently updated several features to help our users more easily protect their meetings.”

They have even added a security toolbar icon making it easier to adjust security settings.

Frequent users like Beth Granger, a Port Washington-based LinkedIn and social media trainer, consultant and speaker, who was Zoombombed on a videoconference call in late March, said added features like this have helped.

“Zoom did a really good job in how they responded pretty quickly,” she says.

Since her Zoombombing incident, which happened on a webinar and involved someone sharing a pornographic photo, she has utilized features like locking the meeting once everyone is in; turning off the ability for someone to share their screen and putting people in the Zoom “waiting room” to control who can join the meeting.

Other best practices, according to Zaheri, include:

  • Always requiring a password to join the meeting
  • Not using a set ‘Zoom Personal Meeting ID’ (PMI) to host your meetings; Instead, generating a new random Meeting ID when scheduling a new meeting
  • Sending Zoom links directly to your participants, instead of sharing the links on very public social media posts
  • Subsequently sending the password in a separate message to your participants

“If you’re following standard best practices you’ll be able to use any of these tools properly,” says Ed Eisenstein, president of Farmingdale-based United Network Associates (UNA), Inc., an information technology consultancy.

When using a platform like Zoom, you should adjust the security settings on the desktop version where there are more features to do so and that should carry over to other devices, he says.

Consider, if you are dealing with more sensitive information, you may want to opt for a more proprietary licensed platform like Microsoft Teams, says UNA IT specialist Rik Nevone. UNA uses that platform primarily, as well as GoToMeeting.

“In my opinion, you get what you pay for," says Nevone.

If you do use Zoom you may consider the paid version, such as Zoom for Business, which provides some additional features for security-conscious organizations, says Anita D’Amico, chief executive of Code Dx, a Northport-based cybersecurity company, who uses Microsoft Teams and GoToMeeting.

Nothing is completely secure, she notes, but those platforms have had fewer repeated security flaws.

“It’s just a game of cat and mouse,” says D’Amico, noting hackers always look for new vulnerabilities.

But as with any of these platforms: “it’s a manageable risk as long as you are aware and take precautions,” including adjusting security settings within the platform, she says.

Fast fact

Zoom use has exploded since the pandemic. According to an April company blog post, as of the end of December last year, the maximum number of daily meeting participants, both free and paid, was approximately 10 million. It’s now over 300 million.

A note to our community:

As a public service, this article is available for all. Newsday readers support our strong local journalism by subscribing.  Please show you value this important work by becoming a subscriber now.

SUBSCRIBE

Cancel anytime

More news