Over the weekend The Times reported that hackers have put more than 500,000 Zoom logins up for sale on the dark web at a penny each.
The National Cyber Security Centre has issued a warning advising that meetings should always be protected by passwords and links to them should not be shared publicly, only the person hosting the call should be able to share their screen with everyone joining.
For the vast majority of organisations, the most important things to consider are their own policies and implementation details for any video conferencing tool. These will address the broadest collection of high risk areas, for example: SSO and user password policies, meeting password policies, patching operations, etc.
Bottom line, consumers should be most focused on using passwords with all video conference meetings, keeping the entire endpoint current with software updates (patching), and maintaining general security awareness on all devices and in the home. These measures are much more likely to have an impact on the overall security experience.
In addition to being mindful of video conferencing security during this remote work period, companies should also evaluate and update their network security capabilities to better protect their distributed employees and company data. Many factors, including people having a false sense of (cyber)security in their own homes, could lead to an increase in malware and phishing incidents and even data exfiltration/privacy violations. A security stack that includes behavioral analytics, data loss prevention and IAM is a strong start to better protecting company information across your employees’ individual networks.