Remote work and web conferencing: Security and privacy considerations
As more and more people remain at home and work from home due to the COVID-19 pandemic, most of them have been forced to use one or many video and audio conferencing applications out of necessity.
For the same reason, many companies have had to quickly introduce these new tools to their employees, all the while hoping the benefits will outweigh the risks until they have had the chance to introduce protections, policies and more comprehensive training.
Organizations’ IT and IT security department must decide which teleconferencing solutions can be used to enable continued secure work while maintaining regulatory compliance (though some regulations have been altered to meet indispensable needs in this time of crisis).
One of the risks employees could end up being exposed to are phishing emails ostensibly coming from the IT department, asking them to download a teleconferencing applications that is actually a piece of malware.
Fake invitations to scheduled meetings could also point them to malicious sites.
Also, as many people work from home from their own devices, it has to be expected that the line between business and private use will soon blur and employees will forget that they should not to engage in risky online activities that increase the chance of the devices getting compromised.
Private use of teleconferencing apps
One particular remote conferencing solution is quickly becoming the solution of choice for many users worldwide: Zoom.
The popularity is due to how easy it is to use, to the quality of the video and audio connection, and to the fact that a free account gives you unlimited one-to-one meetings and 40 minutes for a group meeting per day, which is more than enough for most people’s private use needs.
Though private meetings are much less likely to be interrupted or spied on by malicious individuals, individuals and organizations that use it for bigger online meetings – either for work or after-work socializing and unwinding – must be aware that they could be “zoombombed.”
The company developing Zoom has offered advice on how to “keep the party crashers from crashing your Zoom event”, but trolls have been able to bypass some of those protection measures (as this Twitter thread shows):
— Ceri Weber (@ceri_weber) March 28, 2020