SINGAPORE — The use of video conferencing apps has soared as millions across the world have been ordered to work from home to slow the spread of the novel coronavirus.
Zoom, which allows users to talk to up to 99 other people simultaneously, has emerged at the top of the heap – the average mobile user numbers in March for Zoom were nearly three times that of Microsoft Corp’s Teams, according to research firm Apptopia.
Zoom Video Communications chief executive officer Eric Yuan said in a blog message on Wednesday (1 April) that Zoom’s daily users has ballooned to more 200 million in March from 10 million at the end of December.
However, concerns are rising over users’ security and privacy. The company was sued last month by a user in California for allegedly giving users’ personal data to companies including Facebook without fully informing customers.
The Federal Bureau of Investigation’s Boston office on 30 March issued a warning about Zoom, telling users not to make meetings on the site public or share links widely after it received two reports of unidentified individuals invading school sessions, a phenomenon known as “zoombombing.”
Given its popularity, and as the interest and usage of the platform increases, cyber criminals will see this as an opportunity, Omri Herscovici, Vulnerability Research Team Lead at Check Point Software Technologies, a provider of cyber security solutions, said.
“We see a sharp rise in the number of ‘Zoom’ domains being registered, especially in the last week. The recent, staggering increase means that hackers have taken notice of the work-from-home paradigm shift that COVID-19 has forced, and they see it as an opportunity to deceive, lure and exploit,” he said. “Each time you get a Zoom link or document messaged or forwarded to you, I’d take an extra look to make sure it’s not a trap.”
He offers some tips on how to enjoy the benefits of Zoom without being vulnerable to the key threats:
Keep up to date
In order to maintain effective security, the Zoom software must be updated frequently. The updates that tech companies offer for their products not only add new options and features, but also address “bugs” and security breaches, such as the ability to discover and eavesdrop on meetings.
It is important to understand that, contrary to popular belief, attackers’ window of opportunity does not close after the security breach has been repaired, but only after users run a software update and receive the company’s product patches to address the threats. This means users who have not updated the software remain vulnerable.
Using a login password
The requirement to present a password before entering the conference, in addition to displaying the call number, provides sufficient security. But in order to be fully protected, attention must be paid to how participants are invited into a call.
It is recommended to connect to Zoom via SSO (single sign-on) if your company has the option for you to do so.
Another way to control who enters the call is the “Waiting Room” option, in which a call manager creates a “Waiting Room” through which the participants can connect, but only if the call manager confirms the participants one by one or as a group. You can do this in the “Advanced Options” drop-down menu when you want to schedule a call.
Manage your participants during a call
Even if you have decided to use the less secure link-sharing option, you may prevent instances of participants displaying inappropriate content by restricting the use of the camera for participants. The conversation manager can decide who can use their camera and microphone by clicking “Manage Participants”.
Assume what happens in Zoom does not stay in Zoom
Zoom allows you to record video calls and export them as video files as soon as the call ends. This is a very useful tool when you want to update those who were not present at the meeting. The security problem that comes with using this tool is almost self-explanatory: since conversing participants can export the recorded file, the file can actually find its way into malicious hands.
To reduce the possible dangers from using the recording tool, the call manager can decide which of the participants may record the call through the participant management window and click “Allow Record”.
Do also take note that the participant can always record the conversation using external software for recording the screen. Therefore, always assume that you may be recorded and act accordingly.
After the call, if you have recorded it, ensure you don’t upload it to a shared platform like an information sharing cloud that is open to other parties.