ZOOM and your business experience

By Brian Adam

During March 2020, this company grew exponentially, going from 10 million users to 200 million every day.

By Adrián Bustamante, Member of the CPIC Cybersecurity Commission

The health emergency that Costa Rica and the world are currently going through is causing much concern and fear among human beings, but it has also generated many business and growth opportunities for professionals and companies, as is the case with ZOOM.

Since 2011, ZOOM has been known mainly as a videoconferencing platform. To call a meeting in ZOOM, the person who creates it in the application sends a link to the other attendees, who can then join even if they do not have an account with the service. This feature has greatly helped its popularity.

During March 2020, the company grew exponentially, going from 10 million users to 200 million every day. This increased the company's value to the point of placing it above many other large companies, for example well-known airlines.

But with the great growth came scrutiny, and that is when multiple vulnerabilities were detected and privacy concerns were raised. Important organizations and public figures even issued security warnings about ZOOM, and terms like Zoombombing appeared, a term describing the entry of uninvited people into videoconferences (a simple Google search for URLs that include the term “zoom.us” can yield unprotected links to multiple meetings that anyone could join). This entry allows third parties to interfere with the normal activity of the meetings (in some cases the intruders shared explicit sexual content, even with children attending online classes) and to capture confidential information about the people and companies involved (taking control of the microphone and the webcam and recording their contents). It mainly occurs when meetings are created without a password or the waiting room function, and even more so when meeting IDs are published on social networks.

Zero-day exploits were also found that allowed control of computers and exposure of Windows access credentials, along with other vulnerabilities that put at risk those who had the application on their mobile devices. Most of them have been corrected in the various updates published during the last month, and the CEO of ZOOM assures that all the vulnerabilities will be corrected within a maximum of three months.

It is also important to mention that cybercriminals have used websites that trick users into downloading unofficial versions of ZOOM, which contain malicious software to hijack information and extort money. Security therefore also depends on the care users take.

Some say ZOOM is paying the price for the well-intentioned decisions it made at the start of the coronavirus crisis, such as opening the platform for free to medical professionals and removing the time limit on the free version for many educational institutions. This should lead entrepreneurs and professionals to think through many details before taking an opportunity to grow rapidly, for example:

 Have the capacity to meet demand, both at the infrastructure level and in ensuring the privacy and security of all new customers.
 Analyze whether all the potential clients are the ones I want to have and whether they fit my line of business.
 Take into account that attending to new clients could lead me to neglect current clients and lose them.
 Be clear that greater exposure will generate more scrutiny and even attacks from the competition, and may make me the target of a greater number of cybercriminals.

The practices for avoiding bad experiences with this application are partly the same ones we should follow with any application, but there are also some specific to it. Here we list the main ones:

  1. Keep the operating system updated (applies to both computers and cell phones or tablets).
  2. Have an antivirus installed (on all our devices).
  3. Be aware of updates to each application, as these could correct most vulnerabilities and reduce our exposure to risks.
  4. Do not open emails or files with unknown senders, be careful with links received by the different instant messaging services, avoid browsing unsafe pages and verify the origin and developers of the applications.
  5. Only install applications from stores or official pages. Now, the fact that they are on Google Play or the Apple Store does not mean that they are totally reliable.
  6. Likewise, it is always recommended to keep an up-to-date backup of our devices so that, if we become victims of the hijacking of our information, we do not have to resort to paying the ransom and do not keep encouraging this activity.
  7. Changes to ZOOM settings:
     Use a secure, unique password (at least 11 characters, with uppercase, lowercase, numbers and special characters) to log in to the platform (do not reuse passwords that we have in use on other platforms such as email, and much less on banking platforms or the like).
     Create a random ID for each meeting.
     Activate the “waiting room” function, to approve the entry of people one by one.
     Disable the option to join before the host arrives.
     Disable file transfer via chat.
     Disable screen sharing, for those who are not the host.
     Close (lock) the session once it has started, to keep out people who should not enter during the session and whom, distracted in the middle of the meeting, we might otherwise admit from the waiting room.
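
Because meeting IDs published on social networks are what make uninvited entry easy, text can be checked for ZOOM join links before it is posted publicly. The following is an added example, not part of the original article: the function name, the sample post and the 9 to 11 digit meeting ID length are assumptions, and the meeting IDs and passcode are constructed.

```python
import re
from urllib.parse import urlparse, parse_qs

# Join links look like https://<optional subdomain.>zoom.us/j/<numeric meeting ID>,
# optionally followed by ?pwd=<embedded passcode>.
# Assumption: meeting IDs are 9 to 11 digits long.
JOIN_LINK = re.compile(
    r"https?://(?:[\w-]+\.)*zoom\.us/j/\d{9,11}(?:\?[^\s\"'<>)]*)?", re.I
)

def find_exposed_meetings(text):
    """Return one finding per ZOOM join link in text that is about to be published."""
    findings = []
    for match in JOIN_LINK.finditer(text):
        parsed = urlparse(match.group(0))
        meeting_id = parsed.path.rsplit("/", 1)[-1]
        embedded = "pwd" in parse_qs(parsed.query)
        if embedded:
            # The passcode travels with the link, so publishing it defeats the password.
            advice = "passcode is embedded: send the link privately and keep the waiting room on"
        else:
            # The link alone does not show whether the meeting is protected.
            advice = "confirm the meeting has a password and the waiting room enabled"
        findings.append(
            {"meeting_id": meeting_id, "embedded_passcode": embedded, "advice": advice}
        )
    return findings

# Constructed sample of a draft social-media post (IDs and passcode are made up).
SAMPLE_POST = """Join our open class today: https://zoom.us/j/123456789
Board call (do not share): https://us02web.zoom.us/j/98765432101?pwd=Q29uc3RydWN0ZWQ
Unrelated link: https://notzoom.us/j/123456789"""

if __name__ == "__main__":
    for finding in find_exposed_meetings(SAMPLE_POST):
        print(finding["meeting_id"], "-", finding["advice"])
```
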

Still, if despite implementing these recommendations someone gets in without authorization, we can block or mute the intruder during the session.

It is important to emphasize that this article is not intended to crucify ZOOM, but to take it as an example for companies and professionals, before venturing into an opportunity that presents itself.

There is no one hundred percent secure platform and we hope that ZOOM will achieve its goal of correcting all its vulnerabilities, since it has many useful features for the times we are facing. And it is indisputable that much of the security of our activities depends on ourselves, being informed, updated and making the best use of the different platforms on the market.

