Guest Post by Craig Petronella
With the Coronavirus raging, more people are working remotely than ever before. That means more people are using online platforms to conduct meetings, share work and generally communicate with co-workers.
Unfortunately, that also means more hackers than ever are able to take advantage of employees working from home.
One such platform that is really taking off in the midst of this pandemic is Zoom, which has more than 13 million users each month, and an additional 74,000 regular customers, an increase of over 500 percent.
Cybercriminals are aware of this, and they have wasted no time in exploiting the massive increase in Zoom use. They have not only started registering fake Zoom domains, but have also begun creating and distributing malicious Zoom files, all in the hopes of enticing at-home workers to install malicious viruses onto their devices. There have been 1700+ new “Zoom” domain registrations since the onset of the virus.
Zoom iOS Fixes
Zoom is no stranger to controversy. Just last year, they were forced to fix a vulnerability found within their app that allowed websites to hijack users’ webcams, forcing the user to join a Zoom call with no permission needed.
Then in January of this year, Zoom patched another security hole that allowed bad actors to just guess a meeting ID and then join in on a meeting, giving them unbridled access to private audio, video, and documents. This gave rise to “Zoom Bombing” where hackers would infiltrate video meetings and shout racial slurs or threats. And though Zoom finally fixed that issue by making it so that passwords must be entered manually before participants can join a meeting, and released instructions on securing your meeting, the FBI is looking into it.
10 Steps for Zoom Cyber Safety
- Make sure you keep your apps up-to-date in order to patch any potential holes in security.
- Be vigilant when opening any emails or downloading anything sent from unknown addresses and seemingly legitimate domains that contain spelling errors.
- NEVER open unknown attachments!!
- NEVER click on promotional links in emails, and remember… the cure for Covid-19 is not going to magically appear in your inbox.
- ONLY order your goods and services from authentic sources.
- Do not make meetings or classrooms public. In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature and control the admittance of guests.
- Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post. Provide the link directly to specific people.
- Manage screensharing options. In Zoom, change screensharing to “Host Only.”
- Ensure users are using the updated version of remote access/meeting applications. In January 2020, Zoom updated their software. In their security update, the teleconference software provider added passwords by default for meetings and disabled the ability to randomly scan for meetings to join.
- Ensure that your teleworking policy or guide addresses requirements for physical and information security.
About the Author
Craig A. Petronella is the CEO of Petronella Technology Group Inc, a cybersecurity group that specializes in helping law firms with security and compliance. With 30 years of experience, he is the author of “How Hackers can Crush your Law Firm,” “Peace of Mind Computer Support” and other titles. MIT Certified: AI, Blockchain & Hyperledger. Phone: 919-601-1601; Helpdesk Support: 919-422-2607. For more information about a cyber-crime risk assessment call: 1-877-468-2721