Using Zoom and video conference tools for work and studies? Here are some cyber security tips

With the circuit breaker measures in place in Singapore, more than half a million students will be on home-based learning, along with even more adults working from home.

Telecommuting and home-based learning will be the norm for the coming weeks and possibly months. Hence, it is all the more essential that we know how to use video conferencing tools safely.

On April 9, one day after the start of the home-based learning period from April 8 to May 4, the Ministry of Education announced that it was temporarily suspending the use of the video-conferencing tool Zoom. This was due to breaches known as “Zoom bombing”.

In one incident, hackers hijacked some students’ Zoom stream and showed pornographic content. The suspension was lifted on April 13 after the ministry reviewed and beefed up security protocols.

Similar “Zoom bombing” incidents have been reported around the world. In the wake of this and other privacy and cyber security concerns, the California-based company has improved some of its security features and meeting controls.

So what should users take note of to prevent themselves from becoming victims of harassment, privacy loss and eavesdropping when using video conferencing tools such as Zoom, Webex, Google Meet and Microsoft Teams?

PRIVACY AND SECURITY MEASURES

Firstly, it is vital to use the latest version of the software so that the bugs of the past would have been removed or fixed.

Secondly, remember that companies such as Zoom collect personal data such as name, email address, phone number, job title and even employer, as well as the IP address and device being used.

Furthermore, if users sign in using Facebook, information will be collected from the Facebook profile. To retain some privacy, avoid using Facebook to sign in. 

Thirdly, do not share your meeting link on public forums or on social media as this makes it easier for unauthorised persons to gain access to your meeting.

Fourthly, familiarise yourself with your platform’s features and settings so as to secure and protect your virtual space.

For instance, Zoom has a “Waiting Room” feature that enables the host to manage the people who join and leave the meeting. Using this feature will enhance your security when hosting a meeting.

Fifthly, users should refrain from using one’s Personal Meeting ID (PMI) to host events for the public. One’s PMI is a personal virtual meeting space that should not be open to others, except for close and trusted colleagues or users.

If your PMI is known to outsiders, they can enter easily into your personal meeting space by clicking on your PMI link. Confidentiality of personal data and PMI is important.

While using their video cameras during a Zoom session, users who want to increase the privacy level and prevent others from seeing the details of their physical background or surroundings can activate the virtual background feature such as a scene from the beach.

Alternatively, you can choose to switch off your camera, if the video feature is not required.  

HOSTING ONLINE MEETINGS

As a host of meetings or conferences, you can take extra precautions. For example, you should retain control of the screen.

Before and during a meeting, you can restrict the ability to screen share, so as to prevent others from sharing undesirable content or snatching control of your screen.

Additional security measures include setting up a two-factor authentication. Users can then only get access if they have the randomly generated meeting ID and a password. This enhances the level of security and limited access.

Another approach is to only enable signed-in or pre-invited users to join in the meeting.

Furthermore, you can “lock the meeting”. This Zoom feature allows the host to prevent others from joining the meeting. In this way, those with the meeting ID and password also cannot enter this virtual meeting room, once it is “locked”.     

To increase security and control as a host, you can exercise the option to remove disruptive and undesirable participants from the meeting.

You can also put the participants on hold and temporarily disable their video and audio connections to reduce noise and prevent interference.  

Such features will be useful for educators when they are using video-conferencing tools with an excited or vocal group of students.

Besides Zoom, there are other video-conferencing options such as Skype, though it has a limit of a maximum of 50 users per session.

Microsoft Teams is another free and popular video-conferencing platform with file and screen sharing features, capable of hosting up to 250 participants in a meeting.

Platforms such as Microsoft Teams and Google Meet require users to have accounts with them, whereas Zoom allows users to participate using their web browsers.  

Another leading provider is Cisco Webex, which offers a secure video-conferencing platform that does not require participants to have a Webex account to join the online meetings.

Its free version can host up to 100 participants, with a range of features including a white board function and no time limit for meetings.

However, meeting hosts will have to use their own PMI to host the meetings in their personal meeting rooms.   

Ultimately, each video-conferencing option has its strengths and limitations and the onus is on users to examine the security features carefully and use them effectively.

Companies offering video-conferencing tools should highlight to users their security features and make a number of these features the default standard mode of use.

Parents and teachers could also educate their young to be aware of the importance of cyber security and to apply security measures when they are online.

In this digital age, cybersecurity is an essential life skill to protect us from online dangers and viruses, as we work and learn at home, while we fight against the Covid-19 pandemic.

ABOUT THE AUTHORS:

Yehonathan Weiss was in the Cyber Intelligence Unit in the Israeli Defense Force and he is currently a product manager specialising in threat intelligence at Cybint, a cyber education company. Edmund Lim is a senior vice president at a listed company involved in education.