IHUBApp Blog

5 Essential Security Tips for Working in the Age of Zoom | InspireHUB

Written by Karolyn Hart | 6 April, 2020

 

It was no April Fool’s joke when the CEO of Zoom, Eric S. Yuan, apologized to the world in a blog post for the privacy and security challenges their platform is experiencing. With almost 200 million users a day, the impact has been immediately felt as organizations of all sizes are wondering what the implication of this could mean to their business. Elon Musk’s SpaceX, and Apple both made the decision to completely ban Zoom from their organizations and as leaders begin to learn about other troubling headlines with Zoom (such as the US attorney general investigation or the lawsuit over data sharing with Facebook) they may wonder if they should be doing the same. (Take a breath. It's not all doom and gloom!)

The team of InspireHUB has been working 100% remotely for seven years and our experience provides a unique vantage point. With that in mind, we reached out to our cyber security partners (CyberSC) and asked Founder Dominic Vogel to provide his insights into some practical tips that should be taken into consideration regardless of what video platform you use.

 

Tip One - Don’t rely on just one platform. Have a selection ready.

Out of necessity, our team quickly discovered that we needed to have a number of video conferencing tools on hand for various circumstances that arose. Whether that is the service itself becoming inaccessible, a specific feature not being required for a particular call, or it may be that certain solutions provide better performance depending on where the person is situated. The ability to move between different tools comfortably starts with signing up for those other platforms. When a call “stalls”, being able to swiftly usher your attendees into another service to continue the call will help to sustain your business.

From a security standpoint, it’s important to understand that all video conferencing platforms are struggling with privacy and security issues. Dominic Vogel, founder of Cyber.SC frames up the reality:

“No platform is perfect - humans are imperfect so it stands to reason that nothing we create will ever be perfect! Rather than dwelling on negatives, refocus that energy on identifying how you can use any video conferencing platform as securely as possible.”

Tip Two - What your meeting about should determine what platform you use.

When it came to holding private or confidential meetings back ‘in real life’, there were a number of practical things that you would consider including whether or not to put the details of that meeting in your calendar and where to hold the actual meeting. Depending on the topic, you may have opted for a private room versus a lunch date where anyone could possibly pop-by and interrupt. Think of the various platforms as different types of meeting locations.

  • If you’re working on something top-secret that requires a high-level of encryption, then perhaps you will want to use a platform like www.bluejeans.com which offers a number of features to secure video conferences.

  • If you're hosting a webinar, then you may want to use GoToWebinar that also includes a way for people to register.

  • If you aren't discussing world domination plans or anything highly sensitive, or do not want the added registration offering, then you are just fine with using Zoom. Also, Zoom is putting a number of measures in place to secure their platform (like waiting rooms) so be sure to engage those new features!

Tip Three - The best preventative security measure is educating your team.

History has shown us that the most secure platforms have one common enemy that can always breach even the strongest of technologies - the human. Your company can invest significantly in the very best technologies and ultimately all that effort can be undone unintentionally by an employee with good-intentions who simply was not aware. That being the case, imagine the damage that could be done by a disgruntled employee acting in bad faith.

“Understand your risk model - if you are discussing nuclear launch codes you probably don’t want to use Zoom. If you are discussing some particular work tasks that need to be accomplished or strategic planning Zoom is probably just fine to use!”

That’s why your first order of business should be ensuring that every single employee who is working from home is properly trained and the good news is that there is excellent FREE security awareness training which you can find at https://wizer-training.com/.

Tip Four - Send out meeting details via a secure channel directly before your call

While it’s convenient to include the URL for the meeting link in your calendar, one of the simplest actions to help secure your call is to keep those details out of the calendar and send it via a secure method five minutes before the call.

Remember that many web conferencing platforms have less than optimal security settings set by default. Take the time to configure the security settings to better reflect your risk tolerance and organizational security policies.

Tip Five - Stay on top of the latest privacy and security revelations.

When it comes to considering the risks to your organization around privacy and security, you have no choice in this new world but to ensure you and your team stay abreast of the latest developments. If you engage with a service that promises end-to-end encryption, only later to find out that it does not have this, you are still responsible.

It’s important to understand that breaches can happen for many reasons. Technology is constantly evolving to keep up with new and changing software languages and also to respond to new cyber attacks that may be happening. This ever-changing environment means that expecting there never to be any security and privacy concerns is not necessarily realistic. Dominic Vogel explains what every business owner should understand realistically about setting expectations with your customers on the platforms that you use.

“I cannot stress enough how important it is for organizations to identify their risk threshold and their business requirements for virtual meetings. Do you need a dial-in number? If so, the platform will have to be less secure by default. Some platforms focus more on functionality. Ultimately it is your responsibility to choose the right platform that best meets your business requirements. Don't pick a sedan when you need a minivan.”Finally, depending on the industry in which you operate, you may have different compliance concerns. For example, brands who are working with children, ensuring they are secure when interacting with you digitally is a top priority. Your organization will ultimately be the one that is held responsible for not only how it responds but also how quickly it responds to new information as it is found. The same holds true for the medical industry and also those working in government.

Navigating the cyber risk landscape is tricky especially with all the conflicting reports from the mass media when it comes to cyber security. Cut through the hype and get to the honest unbiased pragmatic advice by reaching out to CyberSC.