In times when a majority of employees are working from home due to the global coronavirus pandemic, enterprises are extensively relying on collaboration tools like Zoom to keep their employees productive and engaged.
Only in March, the daily usage of Zoom Videos increased over 5 times. The platform made it easy for company employees and clients to hop on meetings whenever needed and for schools and students to continue education online. However, this sudden increase in the platform’s popularity made it equally easy for cybercriminals to hijack meetings and exposed severe privacy shortages.
In this article, we will discuss:
- The recent Zoom security crisis and how the owners are responding to it
- What are the main challenges you should pay attention to when using the platform
- What are some of the best practices that will help you maximize productivity and use Zoom securely
How Zoom is responding to its security crisis
As more than 90% of Americans were forced to work from home in March and started to increasingly rely on Zoom for work-related meetings, it has been pointed out that the communication platform didn’t use end-to-end encryption. Last week, Zoom CEO and founder Eric S. Yuan apologized for the confusion related to this issue. In another message to users, he also acknowledged the security and privacy shortcomings and prioritized to fix them. "We recognize that we have fallen short of the community's – and our own – privacy and security expectations. For that, I am deeply sorry," Yuan wrote, explaining that Zoom “was built primarily for enterprise customers – large institutions with full IT support.”
He added that Zoom would be "enacting a feature freeze, effectively immediately, and shifting all our engineering resources to focus on our biggest trust, safety, and privacy issues."
Despite the recent crisis, Zoom remains one of the best productivity tools out there. It’s easy and seamless to use - meeting participants can join via a shared link from any location without any software downloads. It works just as well for private gatherings among friends, conducting online lessons and staff meetings. Gartner has rightfully placed it among the market leaders in ICT provision - Microsoft and Cisco.
Security challenge: Zoombombings
A significant number of the so-called Zoom bombings - the practice of hijacking video conversations by uninvited parties to disrupt the usual proceedings - were reported since the global quarantine began. Hijackers, who can be anyone from school children spreading hateful comments or threats, to adults spreading racist content or even porn, have given rise to a new kind of internet trolling. IT Security Administrators must be weary of this phenomenon and implement stringent policies to prevent such attacks.
Security challenge: Data leakages
It has been reported that attackers can use the Zoom Windows client's group chat feature to share links that will leak the Windows network credentials of anyone who clicks on them. It happens because the Zoom client converts Windows networking Universal Naming Convention (UNC) paths into clickable links. When someone clicks on that link, Windows shares the user’s login credentials. This is usually a consequence of unwarranted logins to the enterprise cloud architecture, so keeping strong password policies is crucial, just as knowing about every instance of UNC path sharing.
Security challenge: Privacy shortcomings
According to Business Insider, Zoom has been accused of passing on data to third parties, including Facebook, without notifying the users. Vice reported that the iOS version of Zoom's app sends analytics to Facebook even for users who don't have a Facebook account, attacking the privacy of its users.
Performance challenge: Ensuring quality of service
Zoom offers best-in-class performance. Nonetheless, in areas with poor reception or the strained WiFi networks at home, its quality of meetings may downgrade. IT Administrators may find it challenging to monitor whether the tool is performing as expected for their employees.
Reliability challenge: Ensuring availability at all times
When your employees rely on a single tool to plan, collaborate and make decisions, a single disruption can negatively impact the overall schedule. IT Administrators must be notified in advance when Zoom is unavailable or not performing as expected, so they could in turn inform their employees to use alternate collaboration software.
Best practices for ensuring reliability and security of Zoom
As an IT Security Administrator, ensuring that employees are following the organization's security policies is in your job description. The following best practices are instrumental to protecting your enterprise from Zoom bombings and other security challenges:
- Login policies: consider if using SSO technologies such as Google/Okta is necessary to allow users to access Zoom.
- Password-protect all of your meetings, otherwise anyone will be able to join, which only increases the risk.
- Use the Waiting room feature - it will allow the meeting host to check each participant before letting them in.
- Keep the Zoom client updated - install available updates immediately once they are released. Cybercriminals are more prone to attack the tool and Zoom acts accordingly - their latest update features password protection for all meating by default.
- Do not share your meeting ID, as anyone will be able to join. The UK Prime Minister Boris Johnson highlighted this risk by showing the ID of his cabinet meeting to the entire world via his Twitter account - warn your employees to never copy this idea. Do not post public links to your meeting either.
- Disable the “Join before host” function to ensure the participants aren’t surprised by malicious actors
- Disable participant screen sharing to minimize the risk of meeting hijacking
- Lock meeting when everyone has joined
- Keep track of relevant metrics related to your guests, such as which hosts create the meeting most often and for what number of guests, recent activities by guests, what meeting IDs are consistently being used by guests, who outside of your organization is joining meetings most often, foreign participants and where do they join from, etc.
- Keep track of your user activity, especially if they make changes to their user profiles, consistently use personal meeting rooms, or display anomalous behavior.
- Ensure you know which accounts have been inactive over the past month
- Monitor Windows UNC path sharing
- Monitor anomalous admin activities as well as new and deleted users.
- Do not use Personal Meeting IDs
- Know about any admin control setting that are not being met
Complete visibility for DevSecOps
Reduce downtime and move from reactive to proactive monitoring.