Obsessed with technology?
Subscribe to the latest tech news as well as exciting promotions from us and our partners!
By subscribing, you indicate that you have read & understood the SPH's Privacy Policy and PDPA Statement.
News
News Categories

PSA: Securing Zoom or any other video conferencing app

By Ken Wong - on 13 Apr 2020, 10:10am

PSA: Securing Zoom or any other video conferencing app

Image courtesy of Zoom

Covid-19 and the sudden shift to a mobile workforce have thrust video conferencing solutions like Zoom into the global spotlight and moved it from being a communication tool almost into critical infrastructure consideration.

But Zoom has been in the spotlight for the wrong reasons recently.

It first came under fire following security concerns raised by The Washington Post who said that thousands of Zoom videos could be viewed online through a simple online search because Zoom named every video recording in an identical way. One search for these recordings apparently revealed more than 15,000 results.

Zoom has also been in the spotlight due to several high-profile hacks where some video feeds were hijacked to show pornography. Concerns over Zoom's security have led to it being banned for use in Singapore schools and by the Taiwanese Government.

But is all really lost?

We spoke to Tom Kellermann, Head Cybersecurity Strategist at VMware Carbon Black, who highlighted a few best practices to help boost security while using Zoom or other video conferencing tools.

Here are some of his high-level tips to help keep video conferencing secure:

  1. Update the Application. Video conferencing providers are regularly deploying software updates to ensure that security holes are mitigated. Take advantage of their diligence and update the app prior to using it every time.

 

  1. Lock meetings down and set a strong password. Make sure that only invited attendees can join a meeting. Using passwords that are full sentences with special characters included, rather than just words or numbers, can be helpful. Make sure you are not sharing the password widely, especially in public places and never on social media. Waiting room features are critical for privacy as the meeting host can serve as a final triage to make sure only invited participants are attending. Within the meeting, the host can restrict sharing privileges, leading to smoother meetings and ensuring that uninvited guests are not nefariously sharing materials.

 

  1. Discussing sensitive information. If sensitive material must be discussed, ensure that the meeting name does not suggest it is a top-secret meeting, which would make it a more attractive target for potential eavesdroppers.  Using code words to depict business topics is recommended during the cybercrime wave we are experiencing.

  1. Restrict the sharing of sensitive files to approved file-share technologies, not as part of the meeting itself. Using a sharing site that only attendees have access to (and ideally has multi-factor authentication in place) is a great way to make sure sensitive files touch the right eyes only. This should be mandated as this is a huge Achilles heel.

 

  1. Use a VPN to protect network traffic while using the platform. With so many employees working remotely, using a virtual private network (VPN) can help better secure internet connections and keep private information private via encryption. Public Wi-Fi can be a gamble as it only takes one malicious actor to cause damage.  Do not use public Wi-Fi, especially in airports or train stations. Cybercriminals lurk in those locations.

 

  1. If you can, utilise two networks on your home Wi-Fi router, one for business and the other for personal use. Make sure that your work computer is only connected to a unique network in your home. All other personal devices – including your family’s – should not be using the same network. The networks and routers in your home should be updated regularly and, again, should use a complex password. Additionally, you should be the only system administrator on your network and all devices that connect to it.

 

All of us have a role to play in mitigating the cybercrime wave.  Please remember these best practices the next time you connect. For those still wary of Zoom, here are some alternatives. Remember to stay safe online.