As organisations continue to develop and expand their remote working capabilities following the extension of restrictions during the Covid-19 crisis, threats to remote meeting facilities are on the increase. In particular, platforms such as Zoom have seen increased targeting by malicious actors, with a number of incidents reported over the past weeks. Notable incidents reported include:
– Zoom Bombing of home-based classes, which reportedly led Singapore’s Ministry of Education to ban the use of Zoom for home-based learning.
– Google reportedly banning Zoom from its employees’ laptops, stating that the service did not meet its security standards.
– Reports earlier this week that more than 500,000 Zoom account credentials had been listed for sale on the dark web.
In relation to the reported credential breach, it is recommended that you change your administrator passwords immediately. You can also check whether the email addresses associated with your Zoom service have appeared in previously reported breaches using the Have I Been Pwned website (haveibeenpwned.com).
As with any cloud-based service, organisations using Zoom are advised to review the security controls that they currently have in place for the service, and ensure that the controls implemented are sufficient to limit the potential for compromise.
Zoom provides a number of controls for administrators to manage accounts and user access. Organisations should ensure that the administration and management of Zoom user accounts is compliant with their existing password policies and access control requirements. This may include:
– Use of complex passwords
– Password rotation (enforced password expiry)
– Restriction on the re-use of passwords
– Enabling of 2FA, where possible
– Automatic sign-out (session time-out) after a period of inactivity
– Restrictions on signing in with third-party credentials such as Google or Facebook accounts; in particular, users should be instructed not to reuse passwords they already use for other services, including social media
Organisations should ensure that users are fully aware of their password policies, and are provided with sufficient training to manage their Zoom accounts securely.
Where an organisation feels that the controls currently configured on its Zoom service are weak, it should enable the additional access controls required and instruct users to change their passwords as soon as possible.
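The breach check and the password policy points above can be automated. The following is an added example, not Ward's or Zoom's code: it checks a candidate password for length and complexity, for reuse against a hashed history, and against the Have I Been Pwned Pwned Passwords range API using k-anonymity (only the first five hex characters of the SHA-1 leave the machine). The range response embedded below is constructed for the example, so the block runs offline; `live_fetch_range` is the real lookup and can be passed in instead. The password-history hash and the 12-character minimum are assumptions chosen for illustration.

```python
import hashlib
import urllib.request
from typing import Callable, Dict, Iterable, Optional

# Constructed stand-in for the body returned by
# GET https://api.pwnedpasswords.com/range/5BAA6 (one "<suffix>:<count>" per line).
# The middle entry is the real SHA-1 suffix of "password"; the counts and the other
# suffixes are made up for this example.
SAMPLE_RANGE_RESPONSES: Dict[str, str] = {
    "5BAA6": (
        "0D7F1C1D6FA19C8F9A0B3E7A4C2D5E6F1A2:12\r\n"
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471\r\n"
        "FFEE11223344556677889900AABBCCDDEEF:1\r\n"
    ),
}


def offline_fetch_range(prefix: str) -> str:
    """Default fetcher: serves the constructed sample so the example runs without network."""
    return SAMPLE_RANGE_RESPONSES.get(prefix.upper(), "")


def live_fetch_range(prefix: str) -> str:
    """Real lookup against the Pwned Passwords range API; only the 5-char prefix is sent."""
    req = urllib.request.Request(
        f"https://api.pwnedpasswords.com/range/{prefix}",
        headers={"Add-Padding": "true", "User-Agent": "zoom-hardening-check"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def pwned_count(password: str, fetch_range: Callable[[str], str] = offline_fetch_range) -> int:
    """Return how many times the password appears in known breaches (0 if unseen).

    k-anonymity: the SHA-1 prefix is sent, the full hash is matched locally
    against the returned suffix list, so the password itself never leaves the host.
    """
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch_range(prefix).splitlines():
        candidate, sep, count = line.strip().partition(":")
        if sep and candidate.upper() == suffix:
            return int(count) if count.isdigit() else 0
    return 0


def history_hash(password: str) -> str:
    """Hash stored in the reuse history (assumption: plain SHA-256 for the example;
    a salted, slow KDF is the better choice in production)."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def check_password_policy(
    password: str,
    previous_hashes: Iterable[str] = (),
    min_length: int = 12,
    fetch_range: Callable[[str], str] = offline_fetch_range,
) -> Optional[str]:
    """Return the first policy violation found, or None if the password is acceptable."""
    if len(password) < min_length:
        return f"shorter than {min_length} characters"
    classes = [
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ]
    if sum(classes) < 3:
        return "needs at least three of: lower, upper, digit, symbol"
    if history_hash(password) in set(previous_hashes):
        return "matches a previously used password"
    seen = pwned_count(password, fetch_range)
    if seen:
        return f"appears in known breaches ({seen} times)"
    return None


if __name__ == "__main__":
    for candidate in ("password", "passwordpassword", "Zoom-Admin-2020!"):
        print(candidate, "->", check_password_policy(candidate) or "OK")
```

To use the live service, call `check_password_policy(pw, fetch_range=live_fetch_range)`; the `Add-Padding` header asks the API to pad responses so that the response size does not leak which prefix was queried.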
Most organisations have an acceptable use policy or user security manual in place which instructs users on the appropriate use of company systems and services, such as email, IM, web browsing, etc. Organisations should ensure that controls regarding the use of meeting conferencing services such as Zoom are included in any acceptable use policies. Organisations should give consideration to the following:
– File sharing – this should be restricted and/or disabled in line with organisation requirements.
– Video and conference recording – be aware of who recordings may be made available to. Where recordings are shared publicly, they are available to anyone with the link, including third-party participants. Users should be made aware of personal data and data handling requirements when using this facility.
– Screensharing – users should be made aware of potential issues around screensharing where confidential and/or personal data may be inadvertently displayed to persons who are not authorised to view the data. This should be restricted in line with organisation requirements.
– Remote control – a user who grants this permission may be giving a third party access to internal organisational resources and/or confidential data, since they are allowing another participant to control their system.
The security controls put in place should always adhere to the principle of secure by default. Organisations are recommended to disable or restrict all features that are not required for their users to carry out their daily working activities, and where features are required, ensure users are:
– Made aware of the organisational policies regarding the use of the services
– Provided with sufficient training on the use of the services so that they can operate the service securely
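The secure-by-default review of file sharing, recording, screen sharing and remote control can be expressed as a baseline that an account's settings are audited against. The following is an added example, not Ward's or Zoom's code: it reads a settings document in JSON, compares each setting on a hardening baseline with the value actually configured, and reports every deviation. The settings document is constructed for the example; its section and field names follow the shape of Zoom's account settings API as an assumption and should be checked against an export from your own tenant before the baseline is relied on.

```python
import json
from typing import Any, Dict, List, Tuple

_MISSING = object()

# Constructed sample in the shape of a Zoom account settings document (assumed
# field names; verify against a real export from your tenant).
SAMPLE_SETTINGS_JSON = """
{
  "schedule_meeting": {
    "join_before_host": true,
    "require_password_for_scheduling_new_meetings": false
  },
  "in_meeting": {
    "file_transfer": true,
    "screen_sharing": true,
    "who_can_share_screen": "all",
    "remote_control": true,
    "waiting_room": false
  },
  "recording": {
    "cloud_recording": true,
    "local_recording": true,
    "auto_recording": "none"
  }
}
"""

# Secure-by-default baseline: (dotted setting path, required value, rationale).
BASELINE: List[Tuple[str, Any, str]] = [
    ("in_meeting.file_transfer", False, "file sharing off unless a business need exists"),
    ("in_meeting.remote_control", False, "no participant may take control of a host's machine"),
    ("in_meeting.who_can_share_screen", "host", "screen sharing limited to the host"),
    ("in_meeting.waiting_room", True, "uninvited joiners are held until admitted"),
    ("schedule_meeting.join_before_host", False, "meeting cannot be used before the host arrives"),
    ("schedule_meeting.require_password_for_scheduling_new_meetings", True, "every meeting needs a passcode"),
    ("recording.cloud_recording", False, "recordings stay off the cloud unless required"),
    ("recording.auto_recording", "none", "meetings are not recorded by default"),
]


def get_path(doc: Dict[str, Any], dotted: str) -> Any:
    """Walk a dotted path through nested dicts; return _MISSING if any hop is absent."""
    node: Any = doc
    for key in dotted.split("."):
        if not isinstance(node, dict) or key not in node:
            return _MISSING
        node = node[key]
    return node


def audit_settings(settings: Dict[str, Any], baseline=BASELINE) -> List[Dict[str, Any]]:
    """Return one finding per baseline item whose configured value deviates or is absent."""
    findings: List[Dict[str, Any]] = []
    for path, expected, why in baseline:
        actual = get_path(settings, path)
        if actual is _MISSING:
            # An absent setting is reported too: silence is not evidence of hardening.
            findings.append({"setting": path, "expected": expected, "actual": "<not present>", "rationale": why})
        elif actual != expected:
            findings.append({"setting": path, "expected": expected, "actual": actual, "rationale": why})
    return findings


def audit_json(text: str) -> List[Dict[str, Any]]:
    return audit_settings(json.loads(text))


def audit_sample() -> List[Dict[str, Any]]:
    return audit_json(SAMPLE_SETTINGS_JSON)


if __name__ == "__main__":
    for f in audit_sample():
        print(f"FAIL {f['setting']}: expected {f['expected']!r}, got {f['actual']!r} ({f['rationale']})")
```

Run against the sample, the audit flags seven of the eight baseline items; only `recording.auto_recording` is already at its secure value. Extending the baseline is a matter of adding a tuple, and a setting that a tenant legitimately needs enabled should be removed from the baseline with a recorded justification rather than ignored in the output.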
How Can Ward Help?
Ward can assist you with assessing and identifying the potential risks introduced by the move to cloud-based services such as Zoom, including a review of the security hardening of your account to ensure that sufficient controls are in place. If you feel a move to another cloud-based platform such as Microsoft Teams is appropriate, we can assist in securely implementing your Teams environment.
A number of criminals have taken advantage of the fact that staff are now required to work remotely. In this new environment it is important that staff are aware of these cyber threats. Ward has considerable experience of providing security awareness training and security policy development services, which can help give organisations and their employees the confidence to continue their work securely in this time of change to remote working practices.
As always, Ward Solutions will continue to Assess, Protect, Detect & Respond to your cyber security needs. If you need to contact Ward Solutions on any matter, then:
Contact your normal account manager for sales or email@example.com
Contact our orders department at firstname.lastname@example.org
Contact our service delivery office at email@example.com
Contact our Security Operations centre at SOC@ward.ie
Contact our Network Operation centre at NOC@ward.ie
Contact our finance department at Finance@ward.ie
Ward Support Team