How Safe Is Zoom?


What Has 2020 Done To Our Economy?

What started as whispers of a viral breakout overseas in December 2019 quickly became a global exercise to lock down citizens and stall economies in our effort to retard the progress of COVID-19.

Do you remember Wednesday, 25 March 2020? It’s the day we all went to bed knowing that we would wake up to full community lockdown of ‘non-essential services’ and that our ‘normal’ business operations were about to be turned upside-down! That’s the week many of us realised that any hope of keeping our business viable depended on having remote systems operational to connect our teams, clients and stakeholders. We needed them up and running as quickly and as cheaply as possible, because every business would be taking a financial hit from the fallout to Australia’s economy.

Almost two months later, many of us are still operating from our private homes. Our pain has been gain for the developers of video conferencing software, such as Microsoft Teams, Skype, Google Meet (formerly Google Hangouts Meet) and Zoom. Businesses and individuals have streamed to these apps (pun intended) to stay connected. We’ve settled into the new ‘normal’ of daily video conferences, and ‘webcam dressing’ (waist up – business attire, and waist down – tracksuit pants and elastic waistbands for comfort).

Now that the crucial task of setting up the systems and apps you need to work remotely has been addressed, it’s time to ask yourself: how safe is the video conferencing app your business is using to stay connected?

The pandemic has pushed the uptake of video conferencing subscriptions to new levels! For example, in December 2019 Zoom had 10 million paid and free subscribers using its app but, as of May 2020, it has an estimated 200+ million users.

But along with their meteoric rise in users, Zoom has suffered from the unwanted attention of hackers. Media articles have been full of warnings about hackers successfully taking advantage of the confusion and stress people face transitioning to working from home to ramp up online attacks.

When it comes to video conferencing apps, Zoom has unfortunately faced the lion’s share of negative security reports. Headlines included ‘Beware Zoom Users: Here’s How People Can ‘Zoom-Bomb’ Your Chat’ (Forbes), ‘Zoom makes privacy and security fixes as millions flock to the service’ (CNN) and ‘Zoom releases security updates in response to ‘Zoom-bombings’’ (The Guardian).

If you are a Zoom subscriber, how safe are you from cyber-attack?

Fran Kelly, ABC-RN Breakfast Host, interviewed Michael Chetner, Head of Australia and Asia Pacific for Zoom Video Communications, to find out why Zoom had received bad press, and what assurances businesses have that it’s safe to use Zoom.

When Ms Kelly questioned Mr Chetner about Zoom’s acknowledged ‘flaw’, he took a moment to review the evolution of Zoom through the pandemic, and what made Founder and Chief Executive Officer Eric S. Yuan admit Zoom has “fallen short of the communities’ privacy and security expectations”. It makes for interesting reading.

Unexpected Events Reveal Weaknesses

According to Michael Chetner, prior to COVID-19 “rudely interrupting our business operations overnight”, corporations that subscribed to Zoom weren’t under any time pressure to quickly adopt and roll out conferencing apps across their workforce. Having the time and internal IT resources enabled large businesses to “run through security measures so [Zoom could] be used in a safe way”. As the pandemic gained momentum and generated fear, businesses urgently needed to set up platforms to connect their remote workers very quickly. In this unique situation, time was not on the side of new Zoom subscribers.

The lesson here is, before adopting new software, understand whether, and which, security measures are built into the app. Make sure you have the technical expertise you need to interrogate, integrate and support rollout of an app across your team and protect your business.

Know Your App – User Settings and Education

Zoom has now identified, and corrected, two areas that unwittingly left new users exposed to risk: user settings and lack of user education!

Founder and CEO Eric S. Yuan created Zoom for enterprise and corporate use; however, its usability quickly made it a popular app with home users. Designed as a corporate product, it comes with built-in user settings to enhance user safety. However, as Michael Chetner points out in his ABC interview, they need to be “made more explicit”.

Zoom’s user settings are built into the product but, prior to new upgrades, users needed to manually tweak settings to provide maximum user security. Without settings being made “more explicit”, users were exposed to higher levels of cyber risk.

It sounded very much like Michael was pointing the finger at users and Fran was quick to pick up on that, asking “Just because it’s been adopted by more people doesn’t really, isn’t really an excuse for you that you didn’t have these privacy and security things built in from the start, is it?”

Personally, I agree; however, this insight into a software developer’s mindset shows how important it is for you and your IT team to have your own understanding, beyond what a salesperson tells you, of what impact new software may have on your systems and what you need to do to ensure you remain cyber secure!

Zoom has now addressed these problems by creating default security settings. Default passwords for meeting ‘rooms’ have been introduced, as well as ‘Waiting Rooms’. Meeting hosts now control who is allowed to enter a meeting (entry is gained only after a host accepts a call), and hosts can evict unwanted or badly behaving attendees.

As Michael says, Zoom has been “educating those bodies in how to actually enable some of those security features. But what we have done is, we’ve proactively put in place these settings to be default, so you must put a password on your meeting rooms, you have to admit people in a ‘waiting room’ so they cannot just join any meeting”. No need to worry anymore about ‘Zoom-bombings’!

Cyber Hygiene and Safe Cyber Habits

To be fair to Zoom, a big cause of hacker interference has come from what Michael calls lack of ‘cyber hygiene’. It’s well documented that social media platforms provide hackers with a wealth of user information they can use to successfully hack businesses. As Michael says, “…look, the other thing is we’ve had some instances where the meeting IDs, which is essentially like a phone number, [are] being shared over social media. So that cyber hygiene which we talk about, not just for Zoom but for all applications, is really important!”

Have you shared your meeting ID via social media? Does it really cause problems? Yes, it does! To quote Michael, “we wouldn’t share our mobile number on social media because it would welcome unwanted calls”. So, please, don’t use social media to share sensitive business data! Once sent, you have no control over how or to whom that information is passed on.

How Secure is Your Data and Credentials?

During the interview, Fran asked, “should people be concerned about hackers stealing subscriber data and credentials? How secure is that information?”

In answer, Michael states, “This impacts all applications that are used on the Internet. What we’re seeing is that requirement to keep passwords and keep information confidential, as you would with any passwords that are used for any type of software, that’s really important because unfortunately there’s a whole lot of activity around taking that information and applying it to many different applications to be used in the wrong way.”

So true! The lesson here is that you must have password policies enforced across your business to maintain premium level cyber security. If you don’t already have a password policy that you have educated your team in, you need to implement one as soon as practical!

(For the complete interview between Fran Kelly, ABC-RN Breakfast, and Michael Chetner, Head of Australia and Asia Pacific for Zoom Video Communications, click here: https://www.abc.net.au/radionational/programs/breakfast/video-app-zoom-criticised-over-security-and-privacy-issues/12163500)

Benefits of Having an MSP

Zoom’s security updates have addressed the ‘flaw’ they previously had with not enforcing default security settings and lack of user education. Well done, Zoom!

However, as a business you can have access to something that can foresee and block security risks to your systems and people – a good internal IT team or outsourced IT Managed Services Provider.

Cyber security is a constantly changing landscape. Foreseeing and proactively managing credible cyber threats to your business requires dedication and a wide degree of technical insight. To effectively manage risk, you need to be able to identify the ‘gateways’ within your business procedures, systems and various work locations that open opportunities to cyber-attack. You need to create policies to educate and engage your team in safe cyber conduct, conduct ongoing monitoring of devices and have the right solutions and applications in place to protect and backup your data and systems.

Outsourcing management of your IT to a Managed Services Provider gives you the dedicated expertise your business needs to stay ahead of identified and emerging cyber threats, at a set monthly cost. You also gain a partner who has a vested interest in keeping you happy to retain their relationship with you. A good MSP will always take a holistic approach to managing your IT, ensuring new devices, software or subscriptions are complementary to your existing, integrated set of security measures.

MSP itro

When it comes to depth of skills, resources and tools, I can highly recommend the team I work with at itro, an MSP located in Cremorne, Melbourne. itro’s team will ensure your devices and systems always remain updated for maximum protection of your data, cyber security and operational efficiency.

Ninety-five percent of our new clients come to us via word of mouth. We’re 100% Australian based and owned, with almost 20 years’ experience across a diverse range of industries. Our engineers are chosen for their ability to respond to requests for support in plain English. We give recommendations with realistic time frames and won’t lie about what is possible.

A Microsoft Partner, our team has accomplished the extraordinary achievement of gaining five Gold Competencies with specialised skills in:

  • Gold Small and Midmarket Cloud Solutions
  • Gold Cloud Productivity
  • Gold Datacenter
  • Gold Cloud Platform
  • Gold Collaboration and Content

Other itro partners include WatchGuard (Gold Partner), MailGuard, WEBROOT and Practice Management Systems FilePro, LEAPLegal and PracticeEvolve.

We offer two Support Plans for Business IT, and one self-managed Support Plan for internal IT Managers:

  • itro Advanced – designed to reduce unforeseen costs.
  • itro Ultimate – designed to remove unforeseen costs.
  • itro Self-Serve – designed for inhouse IT Managers with limited tools and team resources.

Please, give itro a call on 1800 10 3000 or email [email protected] today to find out why we are so confident we are the best Managed Service Provider for you, and how we can help you manage your IT.
