When you have finished reading this I hope to have accomplished two things.
First, by the power of suggestion and internet search engines, you will have listened to Zoom by classic '80s R&B group Fat Larry's Band. Second, and some say more importantly, you will consider some of the security implications of rushing to adopt web conferencing whilst working from home in these days of COVID-19 isolation and remote working.
Web or video conferencing in my experience has always been a somewhat begrudgingly accepted part of doing business. It's much nicer to be face to face, isn't it? But given the global work from home directive, by necessity, its usage has risen spectacularly. There are many solutions out there, with Skype, Zoom and Teams just to name a few. As with all things software, not all tools are equal; each has its pros and cons and security considerations.
These considerations can range from the benign, such as accidentally changing your video filter to make you look like a potato, to the potentially more dangerous, and less amusing, webcam hijack. So it is even more important in these times of increased reliance on third-party service providers to know which tool you are using and how to protect yourself from TV pranksters or turning yourself into a root vegetable.
In the case of Hamish Blake recently joining a number of Zoom calls, notably an Australian Air Force flight Log briefing, it would appear to be less a hack of the system and more a direct social engineering exercise, where Blake asked for login details and apparently received them from willing participants. Whilst this may make for amusing broadcasting, it does have a potentially serious side, in that a more subversive character could have joined the call and gained unlawful access to confidential information. It may surprise you to discover that sharing login details is something you should never do, and doing so indicates a lack of training and cyber awareness.
Zoom has had security flaws identified and reported on for some time now. These flaws have been the aforementioned call hijacking, questionable encryption, call traffic being routed through Chinese servers and the more covert issue of Mac users being unknowingly forced into calls. Indeed, so widespread has the Zoom call hijack been that it has spawned its own nomenclature: zoombombing! Allegedly, Zoom's response to some of these issues has been less than comforting.
So, how best to protect yourself and practice safe video conferencing? The Australian Cyber Security Centre of the Australian Signals Directorate has issued some guidelines to help. The key is to take some common-sense, practical steps to ensure online security. These include performing due diligence on the provider of choice: where are they based, what's their track record, and are all relevant legal and regulatory requirements being met?
You should also understand what information is being collected, stored and shared by the service provider. Is strong encryption being used? When you have chosen your service provider, ensure it is configured and implemented securely. Train your teams and participants on how to video conference securely. Never ever give out meeting details and, much like you would for unknown persons attempting physical access, challenge any unidentified or unknown participants.
Following these simple guidelines may not stop you turning into a potato, but they will go a long way to ensuring that your calls remain confidential and your privacy is maintained, all, of course, whilst humming Fat Larry's Zoom.