Enter your details below and we'll get back to you.
Share this article
Working remotely comes with its own set of security concerns, and it’s important to get familiar with them now to avoid an incident.
The spread of COVID-19 has caused major disruption across the globe. We’ve all found our daily lives disrupted in some way by the virus’s impact, whether it’s through school closures, work changes, health concerns or all of the above.
And one of the most widely-felt changes is the switch to home working. For those of us who can do so, we’ve swapped the daily commute for a trip to the home office or perhaps even the kitchen table.
This has increased reliance on apps and tools designed to make teamwork and communication easier while remote working. Platforms such as Zoom, Teams and Slack have seen a surge in user numbers in recent weeks. But are they entirely secure? Recent concerns have brought this into question.
The number of people using Zoom – the video conferencing platform – has skyrocketed in recent weeks. Whether for work meetings, family get-togethers or virtual workout classes, figures show that the app had racked up more than 200 million users by the end of March, compared to 10 million at the end of last year.
But recent reports have led to murmurings of hacking and other security issues, so much so that the app is now being banned in schools across the United States.
Many schools have now been asked to switch to alternative apps like Microsoft Teams after a series of incidents in which classes and meetings were hacked, or “Zoombombed”, with disruptive content that featured racist remarks, aggressive remarks, death threats and pornographic content.
Prior to these incidents, the app was already facing criticism for claims that it had been routing video calls through China, and offering no end-to-end encryption of calls despite saying it did so. Reports suggested it was sharing information with Facebook.
Founder and CEO of Zoom, Eric Yuan, apologised for the issues and promised to address them, but for many the damage has been done.
The official statement from the Department of Education calls for schools to “move away from using Zoom as soon as possible”. In contrast to this, government Cabinet meetings have continued to be held via Zoom since face-to-face sessions were cancelled – a move that has led to significant criticism of government security measures from some quarters.
Zoom isn’t the only popular home working app to come under fire. Slack is a widely used platform for messaging and sharing, one which has also seen a stark rise in user numbers in recent weeks.
However, old concerns about the app have also been resurfacing. Last year, Microsoft banned its staff from using Slack over “security concerns around Microsoft’s intellectual property.”
Similarly, Skype is one of the longest-standing video tools, offering security measures from Microsoft like two-factor authentication. However, its current popularity has highlighted past security issues.
In 2016, a piece of malware called T9000 was specifically targeting Skype users; recording calls and uploading them to an unknown server. And in 2019, the Rietspoof malware was spread through Skype in order to download more intrusive malware.
Doing research around apps is an important part of working safely from home. Remote working comes with its own set of security concerns, and communicating with team members about the importance of cybersecurity, the signs of a phishing attempt and data protection best practices is key.
As more organisations have required their staff to utilise personal machines for work purposes, this presents its own new challenges. An innate risk of the Bring Your Own Device (BYOD) approach is that employees may be utilising their computer for social activities that involve a non-specified group of people. A virtual pub quiz or bingo syndicate would be a prime example of this. Used in this context, Zoom and similar tools leave employees exposed to additional risks because user authentication is rarely required in these scenarios.
However, it is still possible to guide workers to put in place a number of controls when engaging in screen sharing activities. Ensuring that work activities are closed down, utilising different user accounts and opting for different browser settings are obvious starting points.
As the popularity of video conferencing and other remote working solutions grow, it is inevitable that hackers will be redoubling their efforts towards these particular tools. This makes it all the more important for workers to understand not only how to use them effectively, but also how valuable data is transferred (or not) using them.
Simple steps like strong passwords can make a significant difference in this regard. Similarly, multi-factor authentication can be important to maintaining tighter security controls. If in doubt, you shouldn’t hesitate to seek external support from security experts to help you utilise and manage remote working tools safely.
The SRM team are still here to help you find the best security solutions for your organisation. From bespoke penetration testing to GDPR support, our qualified experts can provide the advice and services you need.