We live in an age of virtual meetings. For better and worse, services like Zoom have become the connective tissue for how we interact with colleagues, friends, and family members when we cannot or choose not to be together physically.
But events from back in June 2023 have made clear that we must be more cautious with tools like Zoom.
As a business owner, you cannot afford to ignore the security vulnerabilities recently uncovered. Whether you are a small operation or a major enterprise, protecting sensitive data is more critical than ever before.
So let’s dig into this Zoom debacle and determine what we must do differently going forward.
What to Do About Zoom’s Security Issues
Here are the key facts.
White hat hackers discovered that it was possible to hijack Zoom meetings and gain administrative privileges over associated Zoom Rooms.
This enabled access to sensitive data shared via Whiteboards, Team Chat and more.
The researchers at AppOmni disclosed the vulnerabilities responsibly to Zoom, which raced to issue fixes by improving how meeting IDs are generated to prevent brute force attacks.
Still, this is a shot across the bow, a reminder that security requires ongoing vigilance, not a one-and-done checklist.
Fundamentally, we must challenge our assumptions and ask whether we have truly done enough to secure our own infrastructure and data, as well as that of customers and partners.
Extra Steps for Safety: Multifactor Authentication
Relying solely on passwords is no longer sufficient.
The Verizon Data Breach Investigations Report has demonstrated consistently that over 80 percent of breaches involve stolen or weak passwords.
The solution is multifactor authentication (MFA), which adds an extra layer of protection.
Typically, multifactor authentication requires a password or PIN plus an additional factor, which could be a one-time code delivered via SMS, an authenticator app, or biometric data like a fingerprint.
This defense-in-depth approach ensures that stealing credentials alone is useless to attackers.
Every business must implement MFA, no exceptions.
Keep Your Programs Updated
Additionally, businesses must prioritize prompt software updates. Using outdated applications with known vulnerabilities is like leaving the digital door wide open.
Sure, updates can be inconvenient and cause compatibility issues. But regularly patching and upgrading to the latest versions closes security gaps. For services like Zoom, turn on automatic updates whenever possible.
For in-house infrastructure, use centralized tools to push updates rapidly. There is no debate here. Allowing technical debt to accrue by ignoring updates is professional negligence in 2023.
Click with Care
Of course, technology is only one facet of the security equation.
We must consider the human risk factor. Far too often, breaches occur because employees click on phishing links in emails or text messages.
Therefore, businesses need comprehensive security awareness training to spot fraudulent messages asking for sensitive information or account credentials.
When in doubt, reach out directly to supposed senders via known good contact information to verify legitimacy.
Avoid becoming the next victim of social engineering.
Act Fast to Stamp Out Security Risks
What the Zoom vulnerability demonstrates unambiguously is that veering from best security practices has consequences.
We must learn from this example and ensure that appropriate safeguards are implemented across all aspects of our digital operations.
Do not allow the convenience of collaboration tools to override sound data protection.
Work with IT teams or partners to:
- Lock down access
- Enable multifactor authentication
- Accelerate patching
- Boost security awareness training
Those proactive steps will enable businesses to use services like Zoom securely.
Stay vigilant out there.