Date posted: 13/11/2020 5 min read

Are you risking your security using free video tools?

Cyber criminals are pouncing on untrained users of Zoom, Google and Slack meetings. So how can you avoid a security breach?

In Brief

  • Collaboration tools were rolled out at speed when the coronavirus pandemic hit in 2020.
  • Many users of Zoom and other meeting apps may not have been properly trained in changing the security settings.
  • Cyber criminals are accessing recorded meetings and using chat in meetings to launch malware attacks.

By Tobias Raper

Video-conferencing has skyrocketed since the global pandemic. And perhaps inevitably, the number of unscrupulous individuals taking advantage of untrained web meeting users has also increased.

There are reports of video conferences being disrupted by obscene language and images, but a more serious threat is intruders who access web meetings without the organiser’s knowledge during or even after the event via the recording.

The security of online meetings should be taken more seriously, as potential data breaches for organisations and their employees, partners and customers can result in reputational damage, financial losses and big fines.

A serious breach of personal customer information, for example, can result in a fine from the Office of the Australian Information Privacy Commissioner of up to A$420,000 (2000 penalty units).

In New Zealand, where the new Privacy Act comes into force on 1 December 2020, it is mandatory to report privacy breaches and non-compliance can incur a fine up to NZ$10,000.

Many organisations have been forced to quickly roll out collaboration apps for all their employees due to COVID restrictions, so it’s the perfect time to review the risks they pose to the organisation

Untrained users let in cyber criminals

At the start of the pandemic, as demand for remote working tools boomed, many of the leading online chat, collaboration and video-conferencing vendors – including Microsoft, Google, Slack, Zoom, Cisco and LogMeIn – made their professional paid apps available for free.

Unfortunately, most users either did not know about all the security settings of video meeting apps, were unaware of the risks, or simply assumed someone in the tech department was managing this for them.

“Most users either did not know about all the security settings of video meeting apps or were unaware of the risks.”
Tobias Raper, Babl

In addition, while the “pro” versions of most of these apps tend to have superior security features – password logins, end-to-end encryption, waiting rooms and blocking file sharing or recordings – the free versions do not.

The risks of reverting to the free versions of video-conferencing apps are real for all organisations, whatever their size.

What are the security risks with free video tools?

1. Access to recorded meetings

Even if a cyber attacker does not get access to the online meeting while it is happening, thousands of recordings of video calls have been discovered on the open web as they have been uploaded by users to their cloud storage services. The reason they were easily found by snoopers through online search was that they used a default naming convention for recordings, which can be found automatically using bots.

2. Default settings that don’t offer good security

The good news is that many video-conferencing services include security settings that can prevent such incidents. The bad news is that it’s often left to users with absolutely no security training to configure them as the default settings do not offer good security.

Organisations should educate all their employees who host meetings on the specific steps they should take in the video-conferencing software to ensure their online meetings are secure during and afterwards.

3. Malware and phishing risks in the chat

Cyber-attackers aren’t just eavesdropping on your video conferencing apps – there are other reasons for their efforts. When online meeting platforms have messaging or chat capabilities, which most do, these can be used to launch phishing attacks and to deliver malware payloads through links and attachments, just like email.

4. Consumer grade apps aren’t made for business meetings

Business meetings need robust security, however consumer-grade or free software may lack the tools needed to keep meetings completely secure. While no technology platform can guarantee 100% protection from all external threats, businesses will get a more complete set of security tools with products geared for professional use.

Ultimately, how safe are the well-known video collaboration apps? The answer comes down to how much effort an organisation has put into securing them.

Tobias Raper is chief executive, Asia Pacific, at cloud-based conference services provider Babl.

Read more:

How to repel a COVID-19 spike in cyber threats

With more people working at home, businesses risk greater exposure to fraud and cybercrime.

Read more