Finding your nearest brokers...

Latest News

IT-savvy organisations cutting down airmiles and their carbon footprint

Zoom in on Your Technology Risk Management

Feb 2020

IT-savvy organisations cutting down airmiles and their carbon footprint, by using videoconferencing technology to bridge the communications gaps between groups of employees, or between consultants and clients, are being warned to put the right risk strategies in place.

Zoom – one of the most well-known videoconferencing tools in the technology sector – was recently made aware of serious flaws in its system protection armoury, after cyber security solutions provider, Check Point, got within one click of crashing into a virtual Victoria’s Secret meeting uninvited.[1]

Although Zoom is used by six-in-ten Fortune 500 companies[2], the meetings of many corporations and businesses could have been entered by what is known as a ‘bad actor’ – a cybercriminal seeking to access sensitive information and meeting documents.

The issue lay in there being no required meeting permissions, if no meeting password was set. Instead, guessable meeting IDs, comprising 9, 10 or 11 digits, were being used[3], which a brute force attack could have cracked.  Once they had validated the code, a hacker could have entered the meeting, only possibly being detected if someone noticed them in the meeting participants list - unlikely if there were a lot of people involved.

Zoom reacted quickly to Check Point’s warning and patched up its systems, creating cryptographically stronger meeting IDs.  This was the second time in a year that holes in its cyber protection were found, with a previous weakness in relation to Mac users’ webcams having been identified.[4]

According to Check Point’s head of cyber research, Yaniv Balmas, any videoconferencing platform carries inherent risks.  With the growing popularity of this method of working with remote or global contacts, many businesses are potentially exposing their sensitive information, or data, to those who could use it in a harmful manner.

Another issue, however, is that of users not protecting themselves.  Some people purposely choose not to set passwords for better protection, solely because it makes life simpler. Other passwords are easy to guess.  Some users keep the same passwords for every meeting, meaning that if they have been unknowingly hacked once, the same could happen again. 

The moral of the tale is to ensure that there is no compromise when it comes to password usage and that any passwords chosen are difficult to crack, using a variety of symbols, numbers and upper and lower case letters. 

Additionally, get the right cyber insurance in place, in case any data breach that could get you into trouble with GDPR legislation, and potentially lead to financial losses, should occur.  It may also pay to check your level of legal expenses cover, if this is not included within a cyber insurance policy.

Where there is a will, there is a way and cyber criminals have made a profession out of finding the way.  Talk to a local broker, after using our ‘Find a Local Broker’, to get good levels of cyber protection in place, particularly if you are a technology-led business using a variety of IT tools and Apps.