By Brad Atkin, CPA, CISA, CITP, SOC – Shareholder, IT Advisory and Security Group

As COVID-19 has temporarily prevented many employees from working in the office, a key tool many companies now rely on is Zoom. From conference calls to virtual happy hours, this video call tool allows users to connect “face-to-face” at a time when we cannot meet as normal. As effective as it is, it can also attract unwanted guests, called “lurkers” or “Zoombombers”, who potentially create cybersecurity risks. Doeren Mayhew gives you an inside look at the do’s and don’ts of hosting Zoom calls, as well as how to deter unwanted guests from accessing your company’s sensitive information.

Do: Share your screen with coworkers
Don’t: Give up control of your screen

While employees cannot currently meet in person, business must continue as usual. Sharing your screen is the next best thing for properly explaining a new idea or walking through an issue. However, as the host of your Zoom meeting, you must keep the screen-sharing power. When you give up control of your screen, you open the door to hackers accessing your computer and to breaches of privacy by coworkers who shouldn’t be looking at your personal information. If someone else offers to access your screen to help you, let them share their own instead. In this case, make sure your call is password-protected so random users cannot share unwanted content and disrupt your meeting.

Do: Invite your team to a meeting
Don’t: Post the meeting link to a public place

When you invite your team to a Zoom call by posting a link to a public place such as a company social media account or website, you’re also inviting unwanted guests. Privately email your link to your team to prevent anyone else from attempting to access your meeting. Even if your company has an intranet, it’s still better to be safe than sorry and send via secure email.

Do: Secure your meeting
Don’t: Allow easy access to your meetings

Just because your meeting has a unique link and meeting ID doesn’t mean others cannot find it and access it. Given the increased use of Zoom during the COVID-19 pandemic, Zoombombers are more active than ever and are trying to access individuals’ private information. To fight that, Zoom allows you to set passwords that your guests must enter when joining a meeting. Another key feature Zoom has introduced is its “Waiting Room”, which allows you to moderate who can enter your meeting. Hosts receive a notification of who is waiting to access the meeting and can decide to admit or reject them. Finally, for meetings where the subject matter is of the utmost importance, Zoom has introduced two-factor authentication, which requires not only a Zoom username and password but also a code generated via mobile app.

Do: Encourage your team to take notes during an informative Zoom presentation
Don’t: Record calls containing sensitive information

While Zoom has a helpful feature that lets you record a video of your call, it may not be your safest bet for capturing confidential information. After your call is over and you download the file, it is also saved to Zoom’s servers. Depending on the content of the call, it’s important to evaluate whether confidentiality is a factor before allowing it to be recorded.

Do: Ensure your Zoom app is up to date
Don’t: Keep using the app just because it works

Much like all user-facing services, Zoom occasionally suffers from security lapses. However, it has proven itself quick to fix them. Common issues include attackers hijacking computers’ microphones or cameras, but Zoom addressed them quickly. With these fixes being issued regularly, it’s imperative to update Zoom’s mobile and/or desktop apps whenever you can. These updates keep security issues at bay and lower the risk of your calls being compromised.

As working remotely seems to be the new normal for the foreseeable future, cybercriminals will continue to use this time of vulnerability to their advantage. To stop them in their tracks, ensure your company’s Zoom calls are controlled, private, secure and up to date. If you have questions about potential Zoom cyberattacks within your organization, contact Doeren Mayhew’s Cybersecurity and IT Advisory professionals today.