Remote work and web conferencing: Security and privacy considerations

As more and more people remain at home and work from home due to the COVID-19 pandemic, most of them have been forced to use one or many video and audio conferencing applications out of necessity.

remote work security

For the same reason, many companies have had to quickly introduce these new tools to their employees, all the while hoping the benefits will outweigh the risks until they have had the chance to introduce protections, policies and more comprehensive training.

Enterprise risks

Organizations’ IT and IT security department must decide which teleconferencing solutions can be used to enable continued secure work while maintaining regulatory compliance (though some regulations have been altered to meet indispensable needs in this time of crisis).

One of the risks employees could end up being exposed to are phishing emails ostensibly coming from the IT department, asking them to download a teleconferencing applications that is actually a piece of malware.

Fake invitations to scheduled meetings could also point them to malicious sites.

Also, as many people work from home from their own devices, it has to be expected that the line between business and private use will soon blur and employees will forget that they should not to engage in risky online activities that increase the chance of the devices getting compromised.

Private use of teleconferencing apps

One particular remote conferencing solution is quickly becoming the solution of choice for many users worldwide: Zoom.

The popularity is due to how easy it is to use, to the quality of the video and audio connection, and to the fact that a free account gives you unlimited one-to-one meetings and 40 minutes for a group meeting per day, which is more than enough for most people’s private use needs.

Unfortunately, many users will sign up without reading the service’s Privacy Policy or Terms of Use or familiarizing themselves with security and privacy settings before starting to schedule meetings.

Zoombombing

Though private meetings are much less likely to be interrupted or spied on by malicious individuals, individuals and organizations that use it for bigger online meetings – either for work or after-work socializing and unwinding – must be aware that they could be “zoombombed.”

Zoomboming, a practice performed by online “trolls”, can result in harmless interruptions but also in total and very harmful chaos and, potentially, allow for economic espionage.

The company developing Zoom has offered advice on how to “keep the party crashers from crashing your Zoom event”, but trolls have been able to bypass some of those protection measures (as this Twitter thread shows):

Others have warned about things like private chats during Zoom meetings ending up in meeting minutes, as well as attention and user tracking.

Don't miss