COVID-19 Video conferencing security issues

The Coronavirus-inspired upsurge in employees Working from Home has generated a massive increase in the number of ‘team meetings’ conducted via one of the many proprietary Video Conferencing applications available – e.g. Zoom, Webex and MS Teams, among others.

Video Conferencing has been around for long enough that many, if not most, users will already have been exposed to it in their place of work as colleagues working remotely – e.g. from home, a client site, another business location etc. – ‘dial-in’ for meetings, so using the technology shouldn’t be too much of a problem.

However, as ever with wider distribution of business resources and connections, there are associated security risks and specifically a number of these have recently been highlighted for any business or individual using Zoom for their video conferencing.

When the New York Attorney General questions Zoom Video Communications about their security and the UK Government is forced to defend the use of Zoom to hold cabinet meetings, you wonder what underlying issues might be lurking.

Issues mentioned widely in specialist IT journals but also mainstream press, include:

  • Cybercriminals targeting Zoom users
  • A spike in the number of fake Zoom domains being created
  • Zoombombing (like photobombing) where uninvited users join and potentially disrupt meetings they’ve not been invited to
  • Previously reported webcam hacking

Clearly some issues are of greater concern than others.  The sharp rise in new fake domains, suggesting cybercriminals see an exploitable opportunity, is probably more disquieting than attention-tracking software.  It’s also possible that other video conferencing applications have similar vulnerabilities that haven’t yet been discovered or reported on.  In fairness, Zoom are taking user concerns seriously and have been working to address them; read their latest position here.

Fake sites are there to fool users into divulging information as if they were interacting with a genuine site.  Most such attacks begin with a bit of phishing, typically using a legitimate looking email containing a dubious link to fool the unwary.

For that reason, The IT Agency’s advice for best practice video conferencing – on every platform – should be familiar to regular readers:

  • Treat emails, files, social media messages etc. from unknown senders with extra caution
  • Avoid opening unrecognised files or attachments
  • Don’t click on unfamiliar links in emails or messages
  • Check website addresses, email addresses and all links for small spelling errors (they’re actually deliberate and there to look very similar to the real thing)
  • Maintain a healthy suspicion of everything arriving in your inbox

Individual users are the first line of defence.  Keep the current situation in mind and be alert to the cybercriminals’ intent.  Working from home helps keep us all safer from COVID-19, staying alert helps prevent our IT systems from infection.

The IT Agency’s commitment to keeping your business connected, protected and productive extends to ensuring your employees can video conference safely throughout the current crisis.  Call us on (02) 8317 4730 to discuss.