Amid the ongoing novel coronavirus pandemic, we are seeing a global trend of employees being told to socially distance themselves and Work from Home (WFH). This has triggered a tidal wave of companies integrating teleconferencing into their business processes.
Teleconferencing App Vulnerabilities Spotlight: Zoom
Working from home has resulted in an explosion in the popularity of teleconferencing platforms like Skype, Google Hangouts, Houseparty and, most notably, Zoom. A CNBC report states that Zoom has added 2.22 million monthly active users in 2020.
Unsurprisingly, the increased use of Zoom has gotten the attention of cyber attackers looking to pounce on this new opportunity.
In the past month, there have been several security and privacy issues stemming from this increased use. Zoom is currently facing a lawsuit from one of its customers after it was reported that Zoom sent user analytics to Facebook without user consent. An ex-NSA hacker also recently found a new app vulnerability in Zoom where it was possible to inject malicious code into the app to arm an attacker with the access that Zoom has to your webcam and microphone.
Zoom-bombing — where Internet trolls can scour the Internet for unsecured conference calls just by entering the meeting URL — has become another major risk for organizations holding confidential discussions on the app. After two schools had their video conferences hijacked, the FBI made it clear that organizations and individuals need to exercise due diligence in securing their Zoom meetings. Zoom calls are used by governments during this pandemic period, and may become the target of more sinister and advanced hackers.
Zoom has since fixed related security issues, as per the blog post by Zoom CEO Eric S. Yuan. All Zoom users should be sure to always keep the app up to date on both Mac and Windows.
If you need to continue using Zoom or other teleconferencing apps, it is critical that your team only sets up private meetings that require password access.
Teleconferencing: Webcam Hygiene
A recent unfortunate event featured an employee who forgot to turn off her camera when going to the toilet while on a video conference call. Thankfully, she quickly figured out her mistake and turned off her camera. The story went viral, drawing a host of tweets both jovial and empathetic. However, amidst the cheers of moral support and assurance, this story does offer one great reminder for anyone working remotely: situational awareness.
Fundamental to workspace digital hygiene is the privacy of sensitive office materials. Employees must refrain from sharing photographs of sensitive materials or equipment on social media. Such instances can directly help hackers collect intelligence on a target for future exploitation. Cybersecurity still possesses a physical domain, either in the form of the actual laptop or the Wi-Fi router sitting in the corner of your house. It may not seem interesting or valuable to you, but any information you share — be it a photograph or a video — tells a hacker something about you. And it may just be something they can target and exploit.
Wi-Fi Router Security
One cannot talk about working from home without having a connection to the Internet. And one cannot talk about having an Internet connection without that small box in the corner of our houses we call a router.
The cautionary note of changing the default passwords of our personal computers, accounts and routers has been preached time and time again. But whether or not you have responded to the word of caution, it is more crucial than ever now that you change your router’s password from its default password.
The ramifications of a compromised home router are manifold. As far back as 2015, security researcher Brian Krebs reported that phishers targeted home routers in Brazil still using their default passwords to harvest online banking credentials and other sensitive data. Why is this significant? Default router credentials are readily available in some instruction manuals, which can be easily obtained from the Internet. And we know this method is still exploited by hackers, who use compromised routers as intelligence sources or as botnets to support more nefarious crimes. Hackers are still targeting D-Link home routers in attempts to gain access to target networks and information from our devices at home.
Even with other countermeasures put in place, we can never be 100% secure at home. But changing your router’s default password can go a long way to mitigate security risks at home.
- Don’t forget basic cybersecurity such as situational awareness, passwords and respecting the distinction between Work and Home.
- When coordinating teleconferencing calls on apps like Zoom, keep sensitive meetings private when possible and refrain from sharing the password outside of your intended audience.
- Be cognizant of where you are and what is visible on your webcam when conducting video calls.
- Reset your Wi-Fi router’s default password if possible, or ask your service provider how to do so.
Remember that you are as responsible for your company’s cybersecurity as the security team is. The time is now to practice better cybersecurity so that when we do return to our offices, we will be better and smarter than before.