As a business owner in 2021, chances are you've had quite a bit of experience when it comes to using Zoom. Unfortunately, many business owners are not familiar with the specific security risks associated with using the software. While the company takes steps to protect the privacy of users and prevent hacking, these measures can fall short, which could expose you to potentially serious cybersecurity threats. Here's what you need to know to stay safe during Zoom calls:
Is Zoom Safe to Use?
While there are numerous ways that criminals can gather sensitive data through Zoom, there are ways that you can prevent these cyber attacks. However, you have to understand the tactics that are likely to be used. These are considered to be the most common ways that criminals can compromise you or your company over Zoom:
1. Phishing and Social Engineering
Hackers can actually see into your home or business if you're using Zoom, and this exposes you to threats that you would not face if you were talking on the phone or communicating by email. Therefore, it's very important to make note of what is visible to the person on the other end. A hacker could take a screenshot of the Zoom call, which could allow them to home in on any sensitive information that is visible. Here are some examples of things that a nefarious user could see:
- A bank statement from a previous month that is sitting on your desk.
- A bill that includes credit card information
- A view of your mailbox through the window, allowing the hacker to see your address
- The location of a safe or another area with sensitive or valuable materials
- The location of a book that contains a secret recipe or formula
- A sheet that gives information about delivery routes, which could be used by criminals to steal valuable items from mailboxes
- A sheet or open book containing information about your clients and/or customers
Even if hackers cannot physically see any sensitive information via Zoom, there are ways that they may trick you into revealing it. Criminals who launch cyber attacks tend to be highly skilled when it comes to figuring out ways to trick their victims into revealing “bread crumbs” that can lead them to sensitive data. For instance, some will use seemingly harmless questionnaires, which are similar to the identity verification forms that are used by banking institutions.
A hacker may ask you these questions orally during a Zoom call, or they may direct you to a phishing link that contains the questions. Another way that they can gain access to sensitive information is to suggest that you visit a website that is made to look like one for a legitimate financial institution.
If you enter your information on this website, the hackers will then have your information. This will allow them to enter your username and password and log into your bank or credit card accounts. This technique is called phishing, and it is one of the most common forms of fraud worldwide. Zoom calls are one of many online interactions in which criminals are able to do this.
2. Privacy Issues With Zoom Calls
Hackers do not have to actually interact with you over Zoom in order to compromise sensitive information. It's entirely possible for them to do this without ever communicating with you directly. There are many ways that cyber criminals can compromise video calls over Zoom, and the results can be dire.
3. Zoom Bombing
Zoom bombing is a practice that involves multiple trolls joining a Zoom chat with the purpose of disrupting the meeting. The trolls will insult or argue with attendees and may even spout bigotry. The goal of this is to prevent the meeting from taking place, and unfortunately, it often does keep the meeting from proceeding as it normally would.
4. Glitches With Zoom Software
As with any software program, Zoom is subject to glitches. These glitches could potentially cause data to be inadvertently leaked, and this has even caused the service to crash on occasion. If this occurs, it could prevent the Zoom meeting from taking place.
How Can You Protect Yourself From These Zoom Vulnerabilities?
If you are a business owner, it's important to make sure that you take steps to stay safe when you're using Zoom. While there are many types of cyber attacks that can occur, you can prevent some of the most common ones by using these tips:
1. How to Prevent Zoom Bombing
If you are having a Zoom meeting, it's crucial to give the link only to people who will be taking part in the meeting. It's also important to make sure that all attendees take proper precautions to prevent hackers from gaining access to their computers.
This means that all attendees should use appropriate antivirus programs and take precautions to ensure that their devices do not become infected with any malicious software programs. Here are a few ways that you can help all attendees to do this effectively:
- Distribute information about staying safe online before the meeting so that all employees can take the right precautions.
- Teach employees how to avoid clicking on a suspicious link, and tell them not to click on links that they receive via email. These links are often compromised, and this is especially likely if they are unsolicited.
- If you notice unfamiliar people in the Zoom meeting, make sure that you block them right away, and make note of any inappropriate behavior that you observed. If the conduct was serious enough, you may want to report it to the authorities.
2. How to Deal With Privacy Concerns
There are potential privacy concerns when you're using Zoom, but there are ways that you can mitigate these risks. Make sure that you train your employees on how to avoid sharing sensitive information. Here's what you need to know about protecting your privacy on Zoom:
- Avoid revealing any sensitive information to people who are tuned into the Zoom conference if at all possible. If the call were compromised, the hackers would not have access to confidential information.
- Make sure not to discuss any sensitive information, unless you can be confident that everyone in the Zoom meeting is trustworthy and no one else is listening in.
- Immediately block from a Zoom meeting anyone you don't know, and keep an eye out for unfamiliar people who join the meeting.
3. How to Prevent Phishing and Social Engineering
In order to prevent phishing and social engineering, it's important to make sure all your employees know how to identify potentially suspicious links. Luckily, this is easier than you might expect. Here are a few tips that can help you and your employees identify and avoid potential phishing links:
- Teach employees not to open links from emails that come from an unknown or unfamiliar person or organization. Not only can these links contain malware, but they can also direct users to phishing websites.
- Know the signs of a phishing site. Always check to make sure that financial websites use https. Make sure that there aren't any subtle differences between the page that you're on compared to what you've seen on the legitimate site in the past. For instance, many phishing sites will have a slight difference in the URL or logo.
- Never enter any sensitive information on a suspicious website.
4. How to Keep Glitches From Compromising Your Data
In order to prevent your data from being compromised by glitches, there are several steps that you can take. While it is impossible to prevent all potential glitches with Zoom, here are some ways to keep your data more secure:
- Ensure that your computer has an antivirus program to prevent malware and that all employees take steps to keep their computers secure.
- Understand how to prevent glitches from interfering with the meeting itself. Zoom glitches have occasionally caused a server to crash, so you should have an alternative method of conducting a socially distanced meeting. There are video conferencing software programs other than Zoom, and it's best to familiarize yourself with several of them.
- Make sure that you get the latest updates of Zoom, which will help to keep the software running properly.
Make Sure You're Using Zoom Safely
It's important for any company to take precautions against the risks of using Zoom. Start with maintaining as much control over the meeting as possible by using the waiting room feature to manage who enters the meeting, disabling the "Join Before Host" and "Allow Removed Participants to Rejoin" features and allowing only the Host to share their screen. Privacy is also essential when using Zoom:
- Share your Personal Meeting ID carefully
- require a password to enter meetings
- disable the "File Transfer" feature when not needed
- avoid posting meeting URLs where the public can see them so prying eyes don't gain access to your data and personal information.
When used responsibly, Zoom can be an advantageous tool to a company's daily operations. In addition to online security precautions make sure you have the right insurance in place to be protected at all times.
Shawn Tuma is an attorney internationally recognized in cybersecurity and data privacy law, which he has practiced for 20 years. He is a Partner at Spencer Fane LLP. In 2016, the National Law Journal selected him as a Cybersecurity Law Trailblazer and Texas SuperLawyers selected him for the Top 100 Lawyers in DFW.