The recent wave of shelter-in-place orders has created tremendous demand for work-at-home services, especially video conferencing. Video conferencing has been around for a long time, but it was always just one of the options. If you wanted to walk down the hall and call a meeting, or even jump on a plane for a face-to-face, you could do that. The Covid-19 pandemic has taken those options off the table for many, so video conferencing is once again a trend.
The rush to either begin using video conferencing or ramp up its usage can lead to unwise decisions when it comes to security and privacy. The age-old question in internet security and privacy is how to balance convenience and security. Due to the current demand, convenience may win out, but when convenience triumphs over security, the bad guys also win.
While all software has bugs, it is important to watch how vendors respond when bugs are reported in their systems. For video conferencing, consider what you are OK with becoming public knowledge. A teacher doing a video conference with a class of high school students teaching algebra probably doesn’t care if someone can spy on their video session. A CEO sharing a financial spreadsheet with a board probably does care if someone can spy on their meeting, discussion, and the data being shown.
As of this writing, one of the more popular video conferencing platforms, Zoom, has known security vulnerabilities. My intent is not to call them out but to use their example to help others think through video conferencing options. Zoom is used by many, but they have 2 issues right now, and the known issues should have been fixed before being exploited.
The first is for Mac users and was discovered in July 2019. When you uninstall the program from a Mac it leaves behind some Webcam code that is still active and easily exploitable. Any program should honor an uninstall request and remove everything.
Second, for users of any platform, the default security setup for Zoom allows bad actors to find meeting ID numbers and join the meetings. For the reasons listed before, this can be bad. The issue can be mitigated if the meeting organizer sets different security settings when creating the meeting, but many just go with the default settings, which in this case can be bad. Nick Nicholaou, one of MinistryTech’s contributing editors, said, “We’ve heard of people in Zoom meetings that were shocked when a bad actor crashed into the call and began showing unwelcome things via their webcam.” The internet has started calling this #Zoombombing.
Zoom has recently stated that they are going to spend the next 90 days fixing these issues. There are countless articles listing up to 10 steps you can take to have safe Zoom meetings. At this point the question to ask is if you want to use a program that is so poorly designed it requires you to configure it for safe use as opposed to being safe to use by default.
As you consider, and are asked to provide, video conferencing resources, it is also important to look at tools and options you may already have. The last thing we need when this pandemic is over is to come out of it with 5-10 video conferencing apps running on our computers. Evaluate what tools you may already have and standardize. If you use Office 365 or G-Suite, you already have such tools built in that work well. If you are connecting with others who use other programs like GoToMeeting or WebEx, ensure the security settings are appropriate, and if you won’t need to use the program again, be sure to uninstall it. Regardless of what security flaws are discovered and patched, everyone in your organization will benefit from some cross-platform standardization.
Video conferencing is a powerful tool, but as with most tech, it is important to do your research before charging ahead. For more details on Zoom’s security vulnerabilities, including #Zoombombing, and some additional remote working tips, check out the following from Nick Nicholaou.
Jonathan Smith is an author, conference speaker, and the Director of Technology at Faith Ministries in Lafayette, IN. You can reach Jonathan at firstname.lastname@example.org and follow him on Twitter @JonathanESmith.