As always, we are keeping an eye on current trends in technology and have some important security issues for you to consider when using something like Zoom, as well as 5 easy best practices to follow.
Why are people using Zoom?
With the escalation of COVID-19 in the past several weeks, working from home has become more relevant than ever. Zoom has become a leader in the remote space to allow for people to meet up quickly and easily. Zoom offers everything from 1000+ person meetings/webinars for enterprise sized meetings, all the way down to a free version for smaller/shorter meetings. No wonder it has become one of the go-to tools for today’s social distancing! Not only does Zoom allow for audio and video conferencing, it also has a whole host of other helpful features including screen sharing, collaboration, and chatting.
Is it safe to use?
Although Zoom is a great tool that is accessible for people and businesses, it is important to know that it is not without flaws. Some of these flaws propose a significant security risk! Thankfully, most of these risks can be avoided by following some best practices.
One major Zoom vulnerability that has been uncovered in the past 24 hours is the ability for someone to send a link through chat that can steal your username and password. Additionally, this same vulnerability can also be used for someone to execute and install software on your computer without you knowing it. This software could be anything the attacker wanted including ransomware, malware, keyloggers, or the ability to remotely access your computer.
Zoom has been made aware of these vulnerabilities and will likely fix them via a patch soon.
Although these vulnerabilities aren’t something that your standard user can/would do, it is important to note that someone with malicious intent can do this rather easily! People are always looking for new ways to infiltrate your systems and this is definitely low-hanging fruit for potential attackers.
What should I do?
All this being said, below are some best practices to follow when using Zoom or any technology to conduct business. Thankfully none of these require any technical know-how!
- Exercise extreme caution and skepticism! If a potential new client blindly reaches out to you via Email, Social Media, or another electronic format follow your gut.
- Be mindful of someone you do know who’s email or other accounts have been hacked. This is a common way for people to take advantage of you. Some things to look out for are:
- You get an email/message from someone you know and it only contains a link or file attachment with no message attached.
- They send you a message at an abnormal time. For example, a person who generally works normal business hours sends an email in the middle of the night or early in the morning. This could be a sign that their account has been compromised.
- Spelling/grammatical errors in their email/messaging that aren’t normal for them.
- If it doesn’t feel or seem right, it most likely isn’t! A good tip to follow if something seems off is to pick up the phone and call the person. Verbally confirming it is actually them trying to communicate with you is the right thing to do. The idea is if you respond to an email and their account has been compromised, it is the attacker is responding – not the person who owns the account!
- Someone is trying to use a sense of urgency to get you to open an attachment, click a link, or take some sort of action. This should be a red flag!
- An old fashioned phone call is sometimes your best bet if something doesn’t seem right. If someone is unwilling to talk on the phone, or if they do talk to you but it doesn’t seem right, follow your gut!
- Never share personal, financial, or any other sensitive information over an unsecure channel such as Zoom Chat, Social Media, or unencrypted email.
Scammers have been taking advantage of people since the dawn of time. It’s really about taking a step back and thinking about what is happening and why. If you follow these best practices (and your gut), you are less likely to fall victim to an attack on your systems.
UPDATE: It is important to note that Zoom quickly addressed the vulnerabilities noted in this post. Within 24 hours of the news breaking that this was an issue patches were released to fix this specific vulnerability as well as a few others. Zoom posted a great article on their site addressing these issues as well as others not mentioned in our post. Their post helps shed some light on how their company has changed significantly in the past few weeks and outlines their plans moving forward. You can find Zoom’s blog post here.
Even with the updates released for the Zoom platform the Best Practices listed above still hold true!
Want to make sure your systems are secure? Contact us today to book a free consultation!