With travel restrictions being added every day due to quarantine, many businesses have switched to an online, work-from-home model for non-essential workers. The video conferencing client, Zoom, has allowed hundreds, even thousands, of businesses to keep their virtual doors open. But a deeper look into Zoom reveals some definite cybersecurity issues that are cause for concern.
Some reports have stated that Zoom’s daily usage has nearly quadrupled, surging by more than 350% in December alone. However, within the past few weeks, hackers have been able to gain access to educational and business meetings. This has caused New York's Attorney General, Letitia James, to send a letter to the company asking what, if any, new security measures Zoom has put in place since the uptick in traffic.
Check Point, an IT security technology company, has done extensive research into Zoom. They report more than 1,700 new domain registrations with the word “Zoom” since January, along with 4% of those sites containing suspicious characteristics when compared to Zoom’s platform. Check Point has further detected malicious files referencing the application. If these files are opened, they could potentially install malicious software.
Zoom has already taken some steps to help prevent further hacks. When Check Point revealed their findings, Zoom was ready to listen. Zoom has helped to mitigate risks by adding default passwords to all scheduled meetings and blocking repeated attempts to scan for meeting IDs.
Clearly, Zoom has been an invaluable tool during the turbulent times we face. But is it the right tool for the job? We think it is, as long as you take the proper precautions. While some groups are out there combating hackers who seek to take advantage of the pandemic, here are further steps you can take to help:
- Do not make meetings public. In Zoom, opt to make a meeting private by requiring a password, or, use the waiting room feature to control who is allowed to join the meeting.
- Do not share a link to the meeting on public domain such as social media. Make sure this link stays hidden in an email, text, or some other more secure form of communication.
- Ensure that Zoom has been updated. After an update in January, the platform added default passwords for meetings and disabled the ability to randomly scan for meetings to join.
- Be cautious about emails and files received from unknown senders and about opening unknown attachments or clicking links within emails.
- Beware of lookalike domains, spelling errors in emails and websites, and unfamiliar email senders.