With more and more companies issuing mandatory work-from-home policies due to the rising severity of COVID-19, the business world has seen a dramatic rise in the usage of video conferencing. Online communication platforms like Zoom or Skype has seen a massive increase in usage over the past few weeks as many households and organisations, to communicate both personally and professionally.
However, given its popularity, and as the interest and usage of the platform increases, cyber criminals will see this as an opportunity.
Cyber security company Check Point Software Technologies witnessed a major increase in new domain registrations with names including “Zoom” during the past few weeks. Since the beginning of the year, more than 1700 new domains were registered and 25 percent of them were registered in the past week.
Here are some comments from security experts on the above topics and some security tips about using video conferencing.
Jonathan Knudsen, Senior Security Strategist, Synopsys Software Integrity Group
We are fortunate that when circumstances dictate that we must work remotely, we have technological solutions that help us stay in touch with other people in our professional and personal lives.
Video conferencing helps people stay connected by being able to speak to each other, see each other, and share text and files. Like any other technology, however, video conferencing has security risks that must be considered.
The first and most important consideration when setting up a meeting is making sure that it has a password in place. This helps ensure that your meeting will contain only the people you are expecting. Use a strong password — something with letters, numbers, and symbols — that is long enough that it would be very difficult to guess. Be careful also about sharing the meeting information. And finally, monitor the attendee list during the meeting to be sure you don’t see anyone unexpected.
Beyond the threat of casual eavesdroppers, make sure your video conferencing platform protects your meeting and its data by encrypting the data between participants. Ideally you want outgoing content (video, audio, text, files) to be encrypted by each participant and decrypted when it arrives to the other participants. This ensures that your meeting content is transported over the network encrypted so that anyone eavesdropping on the network traffic will see only unintelligible encrypted data.
It is also important to be careful with meeting recordings. Make sure your video conferencing platform encrypts recordings and requires a password or other authentication to view them. Again, be careful about distributing the recording information so it does not fall into the wrong hands.
Omer Dembinsky, Manager of Cyber Research at Check Point Software Technologies
We see a sharp rise in the number of “Zoom” domains being registered, especially in the last week. The recent, staggering increase means that hackers have taken notice of the work-from-home paradigm shift that COVID-19 has forced, and they see it as an opportunity to deceive, lure and exploit. Each time you get a Zoom link or document messaged or forwarded to you, I’d take an extra look to make sure it’s not a trap.
Aaron Zander, Head of IT, HackerOne
Online meetings are increasingly productive tools that allow people to work from anywhere. But they come with a caveat: Sharing the meeting ID or URL can allow people to drop in and listen to sensitive conversations, record your voice or video, and infiltrate your new virtual workplace.
With the online conferencing boom taking over social media, be careful how much you share in your screenshot. Some meeting tools allow you to limit meetings to only people in your organisation or add a password, but not all do. It’s important to understand the link sharing options for file sharing – this includes video links and services like Zoom. The last thing you want is an intruder (external or internal) to drop in on sensitive meetings.