Zoom is Not as Safe as You Thought

As more and more people begin working from home and utilizing new video conferencing software. Hackers are finding more and more ways to unsuspecting users into giving up user data.  The latest platform has been the ever popular Zoom video conferencing tool.

What is Zoom?

Zoom is a video conferencing tool, that allows users to connect for free for up to 40 minutes. It has enabled people to connect over the internet and have face to face conversations or meetings when under the current circumstances being in person is not possible.  Zoom is one of the many services our there of helping businesses maintain productivity during the current crisis, including Teamsand Go To Meetingto name a few.

Security issues

Zoom has marketed itself as a secure video conferencing tool utilizing end to end encryption on calls and video chats as well as other security features to protect users.  However, a recent report by the Intercept questions this claim.  In addition Zoom has leaked users’ e-mails and photos to unrelated parties, and the app sent data to Facebook for no reason.

While these reports and recent failings are a concern.  A more recent report has found another concerning security concern adding on to increasing calls to alarm.  Due to how Zoom handles links hackers have been able to steal Windows login credentials from other users, by exploiting how the chat feature handles links.  The good news is that the credentials stolen have the password hashed (not visible) the bad news is hackers already have tools capable of accessing that data.

What can you do?

First and foremost, practice good cyber security hygiene:

  • Do not accept chats from people you do not know
  • Do not click on links unless you are sure of their source
  • When in doubt verify all links by utilizing a search engine

Secondly there is a quick fix available for the more technically savvy that can block outgoing traffic to help stop your credentials from being sent:

Go to Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers and set to “Deny all”.

As of right now there is no response from Zoom, but we do hope that a fix is coming to their platform to protect the les tech savvy.

How can Summit Help?

First there are a number of available options for video conferencing that are available for your company to stay connected during the current quarantine.  Choosing the right solution is not an easy task, we can provide the necessary guidance on what applications and software will work best for your company.

Secondly, with people working from home, now is the perfect time to review your cyber security policies and tools available to you.  Making sure your company is secured is more important now, than ever before.  As hackers are clearly ramping up their attacks during these uncertain times.  At Summit Business Technologies we can help you review your current polices and procedures, as well as the tools you utilize to secure your data.  We can also help you update your different tools and help you create updated policies to better protect your company and your client data.

If you want more information on either of these items please Contact usdirectly to setup a quick phone call to discuss our team and how we can support you and your company.


On Key

Related Posts

Folders labeled with Policy

Security Policy

  What are Security Policies and Why do you Need Them?   One of the most critical services your MSSP (Managed Service and Security Provider) can provide is to identify

Holiday Scams!

Beware of Holiday Scams!

With the Holidays Upon us, Criminals are at it Again As the holiday season approaches, we find that things get even busier and of course, that means we see more

7 Questions to Ask When Evaluating MSSPs

Having an up-to-date technology infrastructure is critical for organizations to perform well in this ever-changing business world. An outdated technology infrastructure can harm your business by: Giving cybercriminals a free