By Adrian Paul B. Conoza,
Special Features Writer, BusinessWorld
The measures implemented in response to the coronavirus disease 2019 (COVID-19) might have hindered people from gathering together as peers, teams, or organizations. Thanks to technology, though, people can still connect with each other while they are confined to their homes.
Video conferencing tools like Zoom, Microsoft Teams, and Google Hangouts Meet, among others, have been highly used for meetings and other tasks once companies shifted to a work-from-home setup. However, as the use of video conferencing increases during this crisis, the concerns over security and privacy have also been raised. Zoom, in particular, was under fire for issues found in its privacy and security features.
Those issues include the intrusion of hackers or trolls in video meetings, more known as “Zoombombing”; Zoom’s misleading claim of offering end-to-end encryption; and the discovered sending of data of the platform’s iOS app users to Facebook for advertising purposes, even if the user does not have a Facebook account.
In Zoom’s blog post responding to such issues, Zoom’s founder and chief executive officer Eric Yuan apologized for falling short of the community’s and its own privacy and security expectations. He added that Zoom has stopped adding new features over the next 90 days and is shifting all its engineering resources to focus on its trust, safety, and privacy issues.
Moreover, the platform has started requiring a password along with the meeting ID for users to join a meeting. There will also be virtual waiting rooms that will appear by default for the meeting host to manually add attendees.
While video conferencing platforms are doing their best to keep meetings secure, users themselves can set measures to ensure that their meetings will be protected from security risks.
For Jonathan Knudsen, senior security strategist at Synopsys Software Integrity Group, making sure a password is in place is the most important consideration in setting up a meeting online. It helps ensure that the meeting will contain only the people expected to be there.
“Use a strong password — something with letters, numbers, and symbols — that is long enough that it would be very difficult to guess,” Mr. Knudsen added in a statement. “Be careful also about sharing the meeting information. And finally, monitor the attendee list during the meeting to be sure you don’t see anyone unexpected.”
In terms of sharing meeting information, Aaron Zander, head of IT at HackerOne, warns that sharing meeting ID or URL can allow people to eavesdrop on sensitive conversations, record the voice or video of participants, and infiltrate a team’s new virtual workplace.
“With the Zoom boom taking over social media, be careful how much you share in your screenshot,” Mr. Zander advised. “Some meeting tools allow you to limit meetings to only people in your organisation or add a password, but not all do. It’s important to understand the link sharing options for file sharing. This includes video links and services like Zoom.”
Furthermore, ensuring the video conferencing tool protects the meeting and its data by means of encrypting data between participants is advised.
“Ideally you want outgoing content (video, audio, text, files) to be encrypted by each participant and decrypted when it arrives to the other participants. This ensures that your meeting content is transported over the network encrypted so that anyone eavesdropping on the network traffic will see only unintelligible encrypted data,” Mr. Knudsen said.
In addition, carefulness greatly helps in safe videoconferencing. For meeting recordings, it should be checked if the video conferencing tool encrypts recordings and requires a password or other authentication to view them.
Users should also be careful with the link to the video meeting. Omer Dembinsky, manager of cyber research at Check Point Software Technologies, shared that as a sharp rise in the number of “Zoom” domains being registered have been observed, users should be extra careful before they click a link.
“The recent, staggering increase means that hackers have taken notice of the work-from-home paradigm shift that COVID-19 has forced, and they see it as an opportunity to deceive, lure and exploit,” Mr. Dembinsky explained. “Each time you get a Zoom link or document messaged or forwarded to you, I’d take an extra look to make sure it’s not a trap.”
For more #COVID19WATCH contents, visit www.bworldonline.com/covid19watch.