The global coronavirus pandemic has forced individuals and businesses to work remotely. Although the culture of working remotely came some time back, it was not until recently that its adoption has peaked. Before, it was mostly tech companies that allowed its employees to work remotely. However, other organizations have also begun the culture of doing so as they’re forced to shut physical offices because of the pandemic. This has led to an exponential rise in the use of virtual meetings and conference platforms such as Zoom, Meet, Skype, Facetalk, Gotomeeting, and others. Zoom alone reached more than 200 million daily meeting participants. The figures for the company back in December 2019 was only around 10 million.
Zoom, the most widely used one, came under attacks from hackers and thousands of data were compromised.
After analyzing the recent attack on Zoom, our team of security researchers has come up with simple tips that can help conduct online video meetings securely.
While conducting online meetings people often forget to keep their meeting ID private. Sometimes they even publish it in publicly available domains. Our research found that colleges and universities have uploaded PDFs files where they have exposed their zoom meeting id and password. These kinds of activities give hackers access to one’s personal meeting id and password which hackers can exploit easily with bad intentions. Thus, keeping meetings private is a must to conduct online meetings securely.
Everything needs to be private. Even one’s Google calendar should be made private. An attacker can get inside your calendar if access permission is public. Finally, while sharing google calendar make sure you don’t share it with the public.
2. Don’t share meeting id in publicly accessible places like public trello or on public documents.
Not sharing meeting id in publicly accessible places like public trello or via public documents is another way to conduct online meetings safely. When people use Trello board to track work progress, they mistakenly forget to make the board private which gives hackers access to your trello board along with sensitive information. During our research, we found a few API keys as well as valid login credentials exposed in this manner. Sometime people also use it for marketing and share user CSV files over trello which is very wrong practice. We keep a record of our meeting conference for the future, but sharing video meeting URLs in a public place allows hackers to exploit it.
3. Change meeting id on a regular basis
Changing one’s meeting id on a regular basis, weekly or monthly as per convenience, also helps in conducting online meetings securely. Often we’ve to share our meeting id with other people. If a person with foul intentions gets a hand on our meeting id there’ll be a possibility that they might use it for the wrong reasons.
4. Avoid posting meeting screenshots on social media.
Recently, British Prime Minister Boris Johnson posted a Zoom screenshot in his twitter account but he forgot to cover up his meeting id due to which it was publicly available. If the meeting had not been protected by a password, there would have been a possibility that a hacker with bad intentions would be able to join the meeting and leak crucial information. Thus avoid posting meeting screenshots on social media, and even if you do make sure to remove meeting ids, password or any critical information.