Working from home has resulted in an increase in the use of digital platforms and is now an integral part of our day-to-day lives which we refer to as the ‘new normal’. Commonly used platforms are Zoom, Microsoft and Google. Users are focused on getting the job done and seldom focus on cybersecurity while engaging on these platforms.
Hackers are lurking in the increasing popularity of these platforms and are taking advantage of the vulnerable untrained user. The good news is that these platforms contain several security features that help combat cybersecurity threats, but the bad news is that end-users are not trained in understanding these settings. Cybercriminals continue to use the COVID-19 pandemic to their advantage and working in a secure environment is of utmost importance.
The most common threats
- The most common threats identified to date are:
- Bombing meetings: This attack involves uninvited guests joining the meeting to just listen to the conversation or, in some instances, share inappropriate media or information.
- Stolen meeting links: Generally using the same meeting link poses a high risk: attackers may gain access to these links and misuse them to their advantage.
- Malicious links in ‘chat’: Malware is considered a major IT risk. Once attackers gain access to a meeting, these links are shared using the ‘chat’ function allowing hackers to obtain unauthorised information through these malicious links.
Measures to take
- Various measures can be implemented to mitigate and manage this, thus ensuring a safer environment:
- Use corporate-specific software: Video conferencing tools available to consumers and corporates do not have security features that could protect an organisation from cybersecurity threats.
- Make use of the waiting room: This feature allows attendees to wait in a separate virtual room and only the host may let in the attendee based on some level of verification.
- Ensure that passwords are used for all meetings: Make use of passwords as an added security measure. Create new, powerful passwords containing a combination of letters, numbers, characters, etc.
- Do not share links: Links to the meeting should only be used by participants as received and not shared using other channels. As an added security measure ‘notifications’ can be turned on to inform the host when someone has joined a meeting.
- Participants should not be allowed to share screens by default: The host of a meeting should have full control over screen-sharing and allow the relevant participant to share a screen only when required to do so.
- Prevent recordings of the meeting: Block attendees other than the host from recording the meeting.
We may not be able to manage cybersecurity completely, but we can surely do our bit.
AUTHOR | Pranisha Rama CA(SA), Auditing Lecturer, University of Johannesburg