Secure Online Chats and Meetings
All business activities are moving online today. Whether it be online chats, e-learning, sales, customer support, e-banking, business meetings, or webinars, everything is going digital and online. Within this process, video conferencing, online chats, and meetings have become a central part of communication.
According to Zoom, it had more than 300 million meeting participants on a daily basis in April 2020. That is a thirtyfold increase within 4 months from December 2019, when the stat showed 10 million meetings per day. The pandemic made the use of these apps inevitable. It is important to secure online chats and meetings to protect the sensitive data of an organization.
Not only the Zoom app but other means of communication like Teams and Google calls have seen a similar rise, in addition to an increase in communication over Viber, Whatsapp, Messenger, etc. The users include many high-profile personnel too, who rely on these tools to carry out tasks and activities and to communicate more quickly.
These means of communication have risen quickly, but their security issues are yet to be thoroughly reviewed. The primary questions are whether these online chat and meeting services are safe to use and what protocols to follow to remain secure.
Online Conference and Calls: Are they safe?
Remote working comes at the expense of an organization’s data getting exposed to threats and hacking. An organization needs to consider the following points to ensure the security of the communication tools being used.
- The service uses an end-to-end encryption mechanism to prevent eavesdropping.
- Multi-Factor Authentication (MFA) to ensure the safety of user accounts.
- The credibility of the technology: whether it comes from a trustworthy manufacturer or its source code is open and publicly available for viewing.
- Sharing of information with a third party is not allowed or only allowed after the user’s consent.
- Secure control over deletion of data on client and server side as per requirement.
The National Security Agency has concluded that most video chat services fail to follow at least one or two of these guidelines. For example:
- Google G Suite and Teams do not comply with end-to-end encryption and do not have open-source code.
- Cisco WebEx, Zoom, Slack, and Skype do not have optimal data deletion policies implemented.
- Multi-factor authentication is not available in the GoToMeeting tool.
According to the grading criteria of the National Security Agency (NSA) of the USA, Facebook’s Whatsapp, Signal, and the chat app Wickr got the highest rating on safety and security of use. But this is only an overview from the NSA’s perspective. While it cannot be taken as conclusive, it does show that the products and services on the market are not able to check all the boxes, and that these issues matter.
Security concerns over online conferencing
All online communications require encryption of data between endpoints. This secures the communication so that it can be seen only by the end users and not by anyone in between or by the application itself.
Third-party Involvement in Communication Tools:
It is of utmost importance to ensure that no third party can potentially intercept or record the communication between users. The safety of number-based meetings in applications like Zoom may be compromised.
Use of Account Data:
The application needs to specify what part of user data will be collected. Furthermore, the involvement of third parties and their associated risks should be clearly defined.
The storage policy of an application needs proper specification. Some applications, like Skype and Viber, save photos and logs until the user opts out. Where the data is stored largely affects data privacy and can expose sensitive information.
To prevent unethical behavior or violation of rules, applications may be monitoring their users. Any kind of monitoring without consent is a breach of privacy and security.
Unauthorized Applications and Access:
Some applications are downloaded as part of other applications and get access to the camera and microphone without the user’s consent. Such applications can monitor and capture personal information and reveal it to attackers or hackers.
Some Examples of Privacy Breach in the Past:
In 2019, Zoom installed hidden web servers on users’ devices. This brought to light the security vulnerability of a user being added to a call without permission, while the bug in Zoom for Mac users enabled hackers to tap into their webcam and microphone.
Zoom bombings are an example of video hijacking, where hackers entered meetings without authorization and made racist comments and threats to users. WebEx and Skype were also found to have vulnerabilities to video hijacking. This disrupted online classes at educational institutions as well.
These compromised meetings, calls, and conversations are also shared on social media platforms, which increases concerns over data privacy. Both corporate security and individual privacy become prone to higher risks due to these activities.
How to Protect Your Zoom Calls
The security concerns are eye-raising from a user perspective, but some of them can be easily prevented by something as simple as changing the password for every meeting and chat room every single time.
How to protect?
- Use strong passwords and require authentication from users to join the meeting.
- Ensure that screen sharing is locked while starting a meeting every single time.
- Do not rush to click the links and open the documents sent on the chatbox unless verified and confirmed by the host or sender.
- While on video chat, it is a good idea to keep out of view any personal items or items that reveal personal information.
- Users need to be wary of what is open on their screen before deciding to share it. Some applications also have features to display only browser tabs, application tabs, or the full device.
- Update settings: Security settings can differ between devices, either because of application settings meant to improve UI/UX or because of settings enabled or disabled for a particular device. They need to be checked and updated.
- Upgrading device: Upgrading to newer stable versions upon availability is also important to obtain more security features.
Keeping safe from hackers
The specifics of protecting video chats from data leaks or compromise can differ between applications, platforms, operating systems, devices, etc. But it is important to follow a few principles to stay safe from hackers.
Being wary of sharing information
It is always a good idea not to reveal any sensitive or personal information on video chats and conferences unless necessary. All users need to be wary of the risks associated with the content being shared online.
Share invitation links with needed parties only
- Invitation links provide access to meetings and chats, and hence they should not be publicized, whether in social media posts, group emails, online profiles, or anywhere else where the risk of eavesdropping is high. This also requires notifying the concerned parties not to share the links without authorization.
Setting up alert messages for forwarded meetings
- When meeting emails get forwarded, the host gets notified. This provides a check on the expected attendees at the meeting. It also lets the host keep track of the legitimate and concerned parties at the meeting.
Use of strong passwords
- The use of strong passwords for meetings is recommended. If necessary, changing passwords for every meeting is a good idea.
Do not use third-party applications
- Unless others are needed, it is a good idea to use only trusted applications during the meeting. Some applications can be monitoring user activities. Therefore, keeping unnecessary applications shut during a meeting is important.
- End-to-end encryption ensures that only the intended parties have access to the communication. The data is encrypted and decrypted only by the end users, which prevents possible eavesdropping by telecom or internet service providers and even by communication service providers.
- Official updates include patches for security vulnerabilities and risks associated with an application. Updated applications provide more security than out-of-date versions. This applies when using any type of application, not just chats or video conferences. Furthermore, it is worth ensuring that participants’ devices are updated as well.
- Locking down the meeting once the intended parties are online is also a useful method to keep out unintended and unauthorized participants.
Using room features
- Room features provide a waiting area for participants who intend to join the conference. This feature helps the host accept requests only from valid participants. Inviting all participants to speak or introduce themselves to confirm their identities can also be implemented.
Know the rules
- It does not matter whether secure meeting settings have been applied every time before, because it takes only a single instance of failure to get into trouble. Going through the settings to check the profile and security features is equally important for every meeting.
Enabling privacy features
- Some applications share location or record personal information, depending on their type and features. That is why applications also offer extra privacy features that give users more control over what type of information is shared with them.
Download applications from the official app store
- Always download trusted applications from authorized stores. The ratings and reviews can help identify fake applications. Applications from unauthorized websites can monitor user activities and send sensitive information to hackers.
Confirm identity before sharing
- The identity should be confirmed before sharing any information through chats or conferences.
Multi-Factor Authentication (MFA)
- MFA is intended to protect users’ devices and online accounts from external and unauthorized access. MFA uses more than one step to verify a user account, thus making accounts and devices more secure.
Shutting down the application when not in use
- If applicable, shutting down any applications completely when not in use helps prevent applications from spying on user activities.
- Alerts for, or blocking of, any recording of the meeting by anyone except the host can be implemented.
- Turn off third-party information sharing in applications that request too many permissions. If possible, require a password before access is given to things like the camera, microphone, headphones, data sharing, etc.
Disable video if not needed
- Most of the time the conferences only require conversation, and the videos can be disabled. This helps reduce the risks of revealing personal information.
Do not use public Wi-Fi networks
- The use of publicly available, unrestricted, and unknown Wi-Fi networks can pose a serious threat to a device. Hackers may be looking to exploit user information through these network connections. They can get into these devices, gain access to everything, and leak sensitive data.
Sharing of the device with others
- Whether personal or organizational devices, do not provide physical access to others. Installation of one unrecognized application makes personal or organizational data prone to attackers.
To conclude, video chats, conferences, and their associated tools carry as many risks as the ease of connecting and communicating they bring. Therefore, these online chats and meetings need to be made secure by and for an organization. All personal and organizational data requires protection, and that protection cannot come only from a user, the tools, or the devices.
It needs a common understanding among users and coordination of the settings used on devices, tools, operating systems, networks, etc. As stated by Jane Addams, “The good we secure for ourselves is precarious and uncertain until it is secured for all of us and incorporated into our common life.”