The growth of work-from-home and school-from-home policies has given rise to new types of threats surrounding video conferencing services. When quarantine mandates suddenly transformed video conferences into a lifeline for tens of millions of families, they created fertile ground for a form of cyber-attack commonly known today as Zoom bombing or Zoom raiding. Read on to learn what Zoom raiding entails and how to best secure your next video conference.
With the pandemic necessitating a shift to a work-from-home model, various organisations have adopted video-teleconferencing platforms, such as Zoom and Google Meet, to maintain their business operations and stay connected.
However, the rapid adoption of such platforms has also given rise to a unique phenomenon – known as Zoom bombing – that has even kicked off several official inquiries by the Federal Bureau of Investigation (FBI). But for the uninitiated, what does Zoom bombing mean?
A Zoom bombing happens when an unwanted guest hijacks a video-teleconferencing call, typically to share inappropriate or offensive content. While this might seem like a minor inconvenience at first glance, it remains an inherent security flaw that must be addressed immediately.
There are dangerous consequences if hackers are able to gain access to your online meeting sessions. Once inside, these malicious entities can steal confidential and sensitive information shared in the meeting, hack into any participants’ webcams, or gain access to meeting recordings.
No matter the video-teleconferencing platform you are using, it is prudent to take extra measures to ensure your organisation’s virtual meetings remain uncompromised and secure from unwelcome guests. Let us share the practical tips you can consider adopting to prevent the dreaded Zoom bombing from occurring.
1. Establish a secure protocol for the sharing of meeting IDs
There are plenty of ways for you to have full control of the meetings hosted by your organisation. While the mass dissemination of key information about your meeting, such as the meeting ID, might not appear to be a security concern, this practice is actually more dangerous than you might realise.
It is advisable to refrain from sharing these details outside of secure channels. Ideally, there should be a secure protocol for sharing any meeting IDs. You may want to consider designating an authorised staff member to oversee the invitation process from within the conferencing software or only provide the link to those mandated to attend the meeting to minimise the spread of information to unwanted personnel.
2. Utilise the “lobby” features on video-teleconferencing platforms
Rather than allow every participant to enter your online meeting session immediately, thereby allowing nefarious individuals to slip through undetected, you can consider utilising the waiting room or “lobby” features available on most video-teleconferencing platforms.
This feature serves as a barrier that permits the host to allow or deny any attendees, so you have the authority to screen through every participant before allowing them to enter a meeting that is in progress. This function helps prevent unexpected guests from interrupting an important discussion or stealing sensitive information not meant for prying eyes.
3. Implement a password for your online meeting session
One of the easiest and most secure measures to prevent nefarious individuals from disrupting your online meeting session is to implement a password. The password acts as a second layer of security that ensures only authorised participants may join the meeting. Ensure the password is kept confidential and that only those allowed to attend the conference have access to it.
4. Lock the meeting once all participants are present
Even after your online meeting session has begun, it is still possible for an external party to join the meeting if they have access to your meeting ID. The best way to prevent this from happening is to “lock” the meeting once all participants are accounted for so that no one else can join the meeting. This helps to ensure your meeting session is secure and no one else can enter uninvited.
Screen-sharing is an ever-present feature found in video-teleconferencing platforms, allowing participants to share and discuss vital information and meeting agendas. However, this function is also the primary avenue for uninvited participants to show inappropriate or offensive content to everyone present, effectively disrupting the meeting.
To minimise such situations and lower the risk of unintended sharing of open documents or private files on the screen, the host can choose to make this feature available only to themselves or turn the function off entirely. If screen-sharing is required, the other participants can seek permission from the host to access the feature.
Many video-teleconferencing platforms allow participants to record the meeting session for future reference. When this function is activated, there will typically be an indicator that informs everyone that the meeting is being recorded – either through an audible announcement or a bright red visual indicator accompanied by the text 'recording' beside it.
However, this function does not require the participants' consent to record the call, leading to a lack of transparency. If you need to record a particular online meeting session, you have to carefully consider whether there is any sensitive information shared during the meeting and ensure that all participants are aware that they are being recorded. Otherwise, the best preventative measure is to avoid recording altogether and disable this function for all participants.
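The measures above can be checked as a baseline before or during a meeting. The following Python is an added example, not code from any conferencing platform or from GROUP8; every field name (`passcode`, `waiting_room`, `screen_share`, `recording`, `locked`, `invite_channel` and so on) and both sample records are constructed for illustration and would need mapping to the settings your platform actually exposes.

```python
import re

def audit_meeting(m):
    """Return findings for one meeting record (hypothetical field names)."""
    findings = []
    pw = m.get("passcode") or ""
    if not pw:
        findings.append("no passcode set")
    elif len(pw) < 8 or pw == m.get("meeting_id") or re.fullmatch(r"\d+", pw):
        findings.append("weak passcode (short, digits only, or equals meeting ID)")
    if not m.get("waiting_room"):
        findings.append("waiting room (lobby) disabled")
    if m.get("screen_share") not in ("host_only", "off"):
        findings.append("screen-sharing open to all participants")
    if m.get("recording") != "off" and not m.get("participants_notified"):
        findings.append("recording enabled without notifying participants")
    invited = set(m.get("invited", []))
    joined = set(m.get("joined", []))
    uninvited = sorted(joined - invited)
    if uninvited:
        findings.append("uninvited participants present: " + ", ".join(uninvited))
    # Tip 4: once every invitee has joined, the meeting should be locked.
    if invited and invited <= joined and not m.get("locked"):
        findings.append("all invitees present but meeting not locked")
    if m.get("invite_channel") == "public":
        findings.append("meeting ID shared on a public channel")
    return findings

# Constructed sample records: one hardened, one with every control missing.
MEETINGS = [
    {"meeting_id": "MTG-0001", "passcode": "k7#Vq2p!x", "waiting_room": True,
     "screen_share": "host_only", "recording": "off",
     "invited": ["alice", "bob"], "joined": ["alice", "bob"],
     "locked": True, "invite_channel": "calendar"},
    {"meeting_id": "MTG-0002", "passcode": "123456", "waiting_room": False,
     "screen_share": "all", "recording": "cloud", "participants_notified": False,
     "invited": ["alice", "bob"], "joined": ["alice", "bob", "guest-417"],
     "locked": False, "invite_channel": "public"},
]

if __name__ == "__main__":
    for meeting in MEETINGS:
        issues = audit_meeting(meeting)
        print(meeting["meeting_id"], "OK" if not issues else "FAIL")
        for issue in issues:
            print("  -", issue)
```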
With quarantine mandates in place, people are more dependent on technology today than ever. As the world turns to video conference platforms to stay connected, this breeds an ideal environment for cyber thieves to steal sensitive corporate or employee information.
As such, it is increasingly crucial for everyone to exercise due diligence and caution in their cybersecurity efforts by implementing critical security measures to protect the company’s, employees’, and clients’ data.
There’s no better time than now to check in on your security posture through the suite of industry-leading cybersecurity services at GROUP8, a premier penetration testing company in Singapore. Driven by the need for top-notch security and offensive approaches to solutions, our wide range of solutions is aimed at assessing and improving your entire cybersecurity ecosystem.