COVID-19: Videoconferencing and ZoomBy Dave Webb | 27 Apr 2020
Valkyrie advise how to safely use videoconferencing during Covid-19
The Covid-19 lockdown means many of us are now using video calls to stay in touch with family, friends, and work colleagues. You will doubtless be joining the army of people now using video conferencing services to stay in touch be it via Zoom, Skype, houseparty etc. However, when it comes to security, video conferencing has its dark side, as the FBI highlighted at the end of March. Its concerns focused on Zoom (https://zoom.us/), which along with other such services has enjoyed a significant rise in usage volumes during the Covid-19 crisis.
Zoom now has the ‘unfortunate honour’ of having a new cyber-attack named after it. The FBI's Boston arm has warned of ‘Zoombombing,’ in which uninvited people hijack meetings. It reported two local incidents - both involving schools - where attackers invaded Zoom meetings and used profanities and displayed white supremacist imagery. There have also been other incidents. In Norway, a naked man Zoombombed a school session. In the US, trolls predictably bombed public video conferencing meetings proudly organised by Los Angeles and Davis City councils.
The problem is that organisations rushing to remote working during the health crisis do not fully know what they are doing, and they are making serious mistakes. Even Boris Johnson slipped up by publishing the ID number of his first digital cabinet meeting, while also using Zoom against the MOD's advice.
Zoombombing is not the only danger. Others include divulging sensitive information to other authorized participants, or not properly managing meeting recordings after the event.
Zoom updates its app with a wave of security features https://metro.co.uk/2020/04/23/zoom-updates-app-wave-security-features-12597138/
How can you protect yourself:
- Even if you are familiar with video conferencing, we recommend you take a moment to check how you are using it.
- Walk, do not run into a videoconferencing choice.
- Choose your platform wisely. Rather than jumping for the first available solution, check news articles for past security incidents and see if the vendor has fixed them.
- Have a list of security requirements. What does the platform offer in terms of permissions and controls to ensure that only the right content gets through?
The National Cyber Security Centre (NCSC) has published good basic guidance in order to help organisations and individuals prevent eavesdropping and protect privacy during virtual meetings. This includes being sure that everyone uses the company-approved online meeting platform, limiting meeting recordings only to those that are absolutely necessary, and imposing strict identity checks for meeting participants.
Video conferencing services - using them securely:
- [Apr 20] How to set up and use video conferencing services, safely and securely. https://www.ncsc.gov.uk/guidance/video-conferencing-services-using-them-securely
- [Apr 20] Video conferencing: new guidance for individuals and for organisations.
- [Apr 20] Video conferencing services: using them securely. How to set up and use video conferencing services, safely and securely.
Perhaps, the best advice is to condense these practices into a guidance document and ensure that employees follow it. Having a competent facilitator that understands how to set up a secure meeting is an important part of the process. Do not throw an untrained office administrator in at the deep end.
It is nice to think that those companies getting video meetings right will use them more after this crisis has subsided. It will save valuable commuting time and give people more work-life balance. However, a lot depends on laying the right foundations now to avoid security problems and create a solid foundation for a productive future of remote working