Video chat meetings are now part of daily operations for so many businesses. When the coronavirus quarantine period started, video conferencing was a bit of a fun novelty. Colleagues who had never tried Zoom were now using it multiple times a day. Sadly, it didn’t take hackers long to realize they could exploit the popularity of video chat platforms to commit cybercrimes. Zoom in particular has experienced so many security issues that many organizations, including school districts in NYC, have banned it.
While there are certainly more secure platforms, I use Zoom every day. Since the COVID-19 pandemic began, Kelser has advised our clients on how to use Zoom and set it up for them. Recently, I was a guest on FOX 61 Morning News to discuss cybersecurity best practices for Zoom.
One key tip is to look in the advanced settings of Zoom and enable two-factor authentication. Once that’s done, here is a brief summary of some of the most common Zoom cyberattacks to be aware of and how to prevent them.
Zoom Bombing
What it is: Uninvited guests showing up bringing profanity to your meeting. Notably here in Connecticut, the annual meeting of Central CT United Way was overrun by hackers causing mayhem, as was a meeting about the census with Attorney General William Tong and Lt. Gov. Susan Bysiewicz.
How to prevent it: Enable the password and waiting room features on your meeting. That way, no one gets in without a password, and even if someone has the password, the moderator has to approve them before they can come in. There is some evidence that the waiting room feature on Zoom may be compromised as well, but using it is certainly more secure than not.
Recordings Leaked
What happened: Thousands of recordings of Zoom calls were recently found unsecured online including therapy sessions and elementary school classes.
How to prevent it: If you're using Zoom to discuss potentially sensitive information, don't record the call. Only record if you're OK with the content being public (such as a webinar you're planning to post on YouTube anyway). Screen capture software that saves the recording to your computer instead of Zoom’s cloud is likely more secure in a pinch.
Zoom Link Spoofs
What it is: Since the pandemic began, hundreds of URLs with the word "zoom" in them have been registered. Many of these likely belong to hackers who are using them to trick users into thinking they are logging into Zoom and giving up their data. Hackers have been using this tactic for years. Zoom is just the latest place to deploy it.
How to prevent it: The best solution here is to avoid clicking Zoom links (in case they are fake). You can use the Zoom client downloaded on your computer and enter the meeting number or click to enter the meeting directly from the calendar invite sent by the host. Anti-malware services such as Proofpoint and Cisco Umbrella can stop you if you accidentally click on a malicious Zoom link as well.
Alternatives to Zoom
Zoom is extremely easy to use. That is both why it is popular and why it is vulnerable. If security is your chief concern with video chat, there are certainly more secure platforms available. Each comes with different downsides as well, however.
Microsoft Teams (and Skype)
Pro: These Microsoft platforms are more secure than Zoom and common in business environments. In the case of Microsoft Teams, it is also integrated with Microsoft 365 (formerly Office 365) and offers additional collaboration functionality.
Con: Not encrypted end-to-end. Microsoft could access and record video calls.
Kelser's Tim Colby provides an introduction to Microsoft Teams in this video and article.
Signal
Pro: This is a fully encrypted platform built with security in mind. Investigative journalists often use signal to communicate with sources who need to remain anonymous for their safety or to keep their job.
Con: Only supports video calls between two users
Pro: The same robust encryption protocol used by Signal. One of the most widely used apps in the world.
Con: Only supports four users on a video call. Owned by Facebook and subject to data collection.
FaceTime
Pro: Secure end-to-end encryption—even Apple can’t access your video calls on the platform. Supports video chat with up to 32 users.
Con: Only available on Apple devices.
GoToMeeting, Google Hangouts
Pro: Like Zoom, these platforms accommodate large groups, though they have fewer well-known vulnerabilities than Zoom. Either can be used in a web browser without downloading anything.
Con: Not fully encrypted. Google and GoToMeeting could access the content on their servers.
Your video chat is only as secure as your network and device
It’s important to remember that even if the video chat platform you are using has all the security features enabled, it won’t do you a lot of good if your network or device is compromised. That’s why, until you’re back in the office, it’s important to assess the overall cybersecurity of your work-from-home environment.
