Girl teleworker works at home with a laptop using video conferencing platform

Why Enterprises Should Have Serious Concerns About the Security Shortcomings of Video Conferencing Platforms

Over the past year, as the pandemic accelerated the need for digital communications tools, video conferencing has taken off and become a core technology component of the business world. Yet that growth has also led to privacy concerns, raising questions around these platforms and their ability to protect users and keep sensitive information secure.

Zoom, in particular, has experienced considerable growth and increase in its valuation over the past year, and the company estimates to have over 300 million daily active users. And with other competitors like MS Teams gaining on Zoom’s market share, it’s a space that will surely continue to heat up over the next few years.

But with exploding growth comes the subsequent security problems that have continually plagued these companies. The problem is that most video conferencing systems weren’t developed with security in mind and were built solely to facilitate the online meeting. It’s reached a point where businesses (not to mention school systems and government organizations) are fearful of hackers potentially listening in on conversations and can’t fully trust the security of their virtual meetings.

From small to mid-sized businesses (SMBs) to larger corporations and enterprises, every company needs the assurances that they can communicate safely in a virtual environment. Here’s what they should know about the security vulnerabilities of these widely used conferencing platforms, and what they can do to safeguard themselves against hacks.

Government issues warnings about video conferencing

Last year, when the world was in the initial throes of COVID-19 and the businesses were quickly pushed to go remote, the FBI and DOJ issued warnings to the public about the possible cyber dangers of video conferencing. They stated that people should be cautious of activity from cybercriminals looking to breach these platforms and gain access to sensitive IP including corporate data and military secrets.

This has proven true as law enforcement officials are seeing a rise in the number of cyber attacks during video meetings, including government assembly meetings being hacked, and school classrooms becoming targets on Zoom for hackers spreading hate speech and lewd imagery. As cyber threats grow, instances of breaches will only increase and ultimately the consequences will become more severe.

The latest Russia hack shows that not only are cyber-attacks becoming more sophisticated, but also now easier to conduct. Platforms like Zoom and WebEx have become perfect targets for hackers to infiltrate systems with spyware, and in an increasingly virtual world, enterprises need to know their services are built with strong encryption, multi-factor and out-of-band authentication security, and privacy controls as a core functionality of their video conferencing systems.

How the enterprise sector can integrate more secure conferencing tools

A mixture of work-from-home and the physical office environment will likely be a permanent fixture and a long-term strategy in the business world, and virtual communication tools are going to be vital for keeping operations moving forward. But the real issue stems from the fact that Zoom and others are not cyber security companies, and they did not design their platform with security as a key tenant. You cannot just throw a cyber security band-aid a poorly designed video conferencing platform and expect to work, that’s why recent studies show there are still deep concerns around backend security issues and meeting hackings.

Attack vectors exist in multiple dimensions, and for example, keep in mind that it’s our personal and work laptops and other mobile devices that are connecting to these video conferencing platforms. But our digital devices are often infinitely vulnerable. Current anti-virus software has proven to be susceptible and easily manipulated by hackers looking to spy on users through a computer’s camera or microphone. Using these features, bad actors can listen in on all conversations, including those joining you on a video meeting. They can also see everything being shared; faces, documents, and shared screens. Having this depth of access also allows hackers to steal keystrokes, take screenshots, copy documents, emails and see any other information on these devices.

To ensure absolute security, businesses need to have confidence that these platforms will provide strong two-factor authentication for every user who needs to join a meeting. Currently, invites and meeting requests from Zoom, Teams and others, give attendees a single click-to-join option to all meetings.  But the problem here is that anyone can copy that meeting link and join a meeting because there is no required authentication process. This is a big security problem, and the current platforms like Zoom and others do not require every user to authenticate, every time. As a result of this, businesses will continue to have sensitive, corporate and customer data stolen by hackers, resulting in more data breaches and a loss of confidence that their private conversations, sensitive documents, and proprietary data won’t be compromised.

Conclusion

The coronavirus pandemic has likely altered the business world permanently and enterprises can’t afford to have their sensitive IP and trade secrets exposed and out in the open. The emergence of the threat of cyberattacks and Zoombombs is particularly concerning given the number of employees that continue to work remotely, where network access may not be monitored as closely as it would be in an office environment.

While the video conferencing ecosystem is still in its infancy, the pandemic is changing the way we communicate and has accelerated the growth of an industry. But with many of today’s most widely used platforms still being vulnerable to breaches and unable to guarantee secure meetings, businesses must demand that their employees utilize a cyber-secure video conferencing platform, if not, there’s a good chance that they wake-up one day and see their company name in the news, but for the wrong reason.