As the business and educational worlds have moved to remote settings for classes and meetings due to the COVID-19 outbreak, online communications platforms such as Zoom, Skype, GoToMeeting and WebEx have become an increasingly routine part of our daily lives.
Remote workforces now conduct these types of meetings several times a day in absence of the ability to meet in person, and the same goes for classrooms, non-profit boards of directors, and numerous other groups that need to communicate regularly.
But similar to many technological advances, these platforms all come with a word of warning and a need for additional caution. Because more and more since this crisis began, we have seen evidence of what has become known as “ZoomBombing,” or outside, uninvited individuals who seek to disrupt virtual meetings or classes with inappropriate and harmful behavior.
And the ramifications of such disruptions could be serious if businesses and organizations do not take precautions to mitigate them.
Although called “ZoomBombing,” the threat exists to all of the above-mentioned virtual communications channels, and reported cases are on the rise.
The additional risk with virtual meetings is mainly that the meetings are less controlled and they can be video recorded or have screenshots taken, and individuals attending the meeting cannot be controlled as easily. People can pose as others by changing their names or not showing their face on the video. This needs to be kept in mind each time a meeting or class is held using one of these platforms.
The largest vulnerability for an organization or educational institution is that confidential or private data could be leaked, especially from presentations during screen-sharing or if the meeting is recorded.
Leaking of this information can be used as blackmail (similar to a ransomware attack for either money or leverage) and can lead to reputational loss for the organization or institution. With educational meetings in particular, hijacked data can be used against the teacher to receive a higher grade, or for various other dishonest purposes.
The level of risk really depends on what is being discussed and how loose people are in their conversations. If meetings are hijacked and offensive images or annotations are displayed and then posted to social media, the harm can be severe and can cut deep, to both the institution and the individual.
Everyone involved needs to agree to the rule that if you don’t want something known, don’t put it online, and to be aware of what you have voluntarily offered of yourself and your organization online.
This isn’t to say these companies shouldn’t use these platforms during such a disruptive time as this. How much of a threat this can be to an organization depends on the level of information being exchanged and the level of security awareness and education that is provided. If the company has security measures and policies in place, they will likely be safer from outside harm.
However, every organization/institution is different, so an assessment of their security posture should be performed in order to make an informed decision. There are enough guidelines issued that people should be able to easily protect themselves to a large extent since this is such a highly publicized topic.
Without awareness that “Zoombombing” could occur and without the procedures in place to protect against it—including requiring encryption for third-party endpoints, disabling file transfer, using a password to log in and generating random meeting IDs for every meeting—the consequences could cause long-term harm. Conversely, taking these steps ahead of time could place your organizations on much safer ground; the small amount of time needed to put these measures in place will be well worth it in the end.
The bottom line of this brave new world of online meetings is this—be smart, be self-aware of what you share and do in the meetings and be proactive with the security settings. This is already a chaotic time during this global pandemic, and no organization or educational institution needs one more thing such as “ZoomBombing” to worry about.
For more insights on navigating your business through these unprecedented times, visit our COVID-19 business resources page, which is being updated daily with the latest news you need to know about.
Heather Bearfield, MBA, CISA, CISM, CRISC, is a partner with blumshapiro, the largest regional business advisory firm based in New England, with offices in Connecticut, Massachusetts, Rhode Island and Virginia. The firm, with a team of over 500, offers a diversity of services, which include auditing, accounting, tax and business advisory services. blum serves a wide range of privately held companies, government, education and non-profit organizations and provides non-audit services for publicly traded companies.