Is Zoom A Security Risk?

Courtesy of a global pandemic there are very few small business owners who haven’t used Zoom. This is evident in a report showing that 89% of people use Zoom for work purposes. 

Additionally, the report also shows that the Zoom app was downloaded more than 38 million times. This makes it one of the fastest-growing apps, growing by 2,900% in the last two years. Zoom statistics also show that 470,000 users are paying business customers – including small businesses. 

Understanding The Security Risks Of Using Zoom

In 2020, over 500,000 Zoom user accounts were hacked and sold on the dark web for around a penny each. Numbered among this list of over half a million credentials were people employed at companies like Chase, Citibank, and several universities. 

These records include highly sensitive information, including URLs, email addresses, passwords, and host keys. The kind of details that allow hackers to carry out what has been labelled as ‘Zoom bombing attacks.’ A relatively new term, but no less potent, Zoom bombing refers to the process during which uninvited people gain access to your Zoom meeting to either cause disruption or steal data for misappropriation. 

In addition to Zoom bombing, cybercriminals have also utilised social engineering and brand impersonation techniques to mimic emails from the meeting host in order to generate a link that is then dispatched to participants. When the user clicks on the link, they’re directed to a spoofed login page which then requests credentials. 

It’s at this point that the hacker is viewing the usernames and passwords that you’re entering. Since many people use the same password for everything, this opens the door for a major breach in your business or private data.

Five Reasons Why It’s So Easy To Hack Zoom

Most small business owners have some sort of anti-virus on their systems. Some have even taken the extra step to add a few other security features to their systems, which is a step in the right direction. You’d think that your system would be safe, but then why is it so easy for Zoom credentials to be hacked? 

There are actually several reasons. 

1. No End-to-End Encryption

While Zoom presents its meetings as being encrypted from end-to-end, this statement isn’t 100% accurate. There’s still technical access from Zoom itself. So, if a cybercriminal hacks Zoom, they can use this access point to retrieve your credentials.

2. Analytics Sent to Facebook

A little-known fact to many Zoom users is that location and device data was originally sent to Facebook. This breach was documented in 2020 in an instance where Zoom was sued for disclosing personal data. As a result of the lawsuit, this practice has since ceased. 

3. Strangers Added to Public Contact Lists

You may have seen the feature, Company Directory, on Zoom which automatically adds users to an existing contact list that’s made up of other accounts with the same domain name (excluding Outlook, Yahoo, and Gmail). Essentially, if Zoom detects a similar domain, they’ll add your account to the directory. This compromises your personal and business emails, as well as profile pictures, because it allows hackers with fake domain access to your details. 

Remember, all a hacker needs is a way in. From there, they’ll do the rest to get what they want.

4. Meeting IDs Are Easy to Replicate

Zoom calls use a nine to 11-digit meeting ID, with the option to make meetings password protected. Sadly, many users don’t include a password as it’s “just Zoom.” Without a password, though, anyone with that meeting ID can potentially access your call. Wondering how they’re going to get their hands on your meeting ID?

Cybercriminals use zWarDial, a hacking tool that generates potential meeting IDs to try get into your meeting by embarking on a War dialing attack. Tools like these search for unprotected modems, making it easy to access your valuable data. 

5. Business & Personal Zoom Calls Made Viewable 

Some business owners want to give their employees access to past and present meetings. This often helps with training, however to do this, these meetings just have to be uploaded to a non-Zoom cloud service. Zoom then names the recorded meeting with the identical name, making it easy for anyone on the web to access it. 

You can see how risky it can be, especially if a business’s financials or potential orders are discussed. Hackers routinely to seek out this low hanging fruit in order to create fraudulent documents or use the information as a means to get into the business. 

Four Ways To Protect Yourself From Zoom Attacks

Fortunately, there are a few simple ways you can ensure your system and data are protected during your business Zoom calls. Given that it can take a while for people to adjust to any new system, even simple communication tools, this is good news indeed! 

Here are 4 tips you can use to increase your security. 

1. Invest In Password Security

Systems with weak passwords or lax email security can fall victim to attacks like credential stuffing, which is when hackers use tools to extract these passwords to access your other applications. That’s why you should always use a Password Manager tool to protect all aspects of your system. 

Importantly, Password Security can be used on multiple devices and will save you the hassle of having to remember passwords across multiple access points. It also eliminates the temptation to use similar passwords across all your programmes and apps. 

2. Use Email Security

Zoom meetings create and copy a URL that is then emailed to all the participants. One of the oldest hacking tricks is to send out a malicious link, and once clicked, it delivers malware that takes control of your system. The solution is Email Security, which identifies these kinds of fake URLs, and prevents them from entering your mailbox. 

3. Change Screen Sharing Features

When you allow users to share your screen, you’re allowing hackers to Zoom bomb you. Now, it isn’t necessary for all meeting participants to have access to your shared screen and in most instances, only the host should have their screen sharing option on. 

If it is necessary to screen share, such as if you’re hosting a training session, there are way s to prevent silent hackers from creeping into your meeting and copying your screen in order to gain access to anything they could use. 

Here’s how to share safely:

• Open your Zoom settings app window
• Find the option for Screen Sharing
• Select Advanced settings
• Choose “only let the Host share the screen”

4. Opt For Waiting Rooms

Not too many people use this feature, but it is an extremely useful way to add an extra layer of security. You can simply pre-screen guests before your meeting begins, weeding out any ‘extra’ guests who may have silently logged on. 

Here’s how to use the Waiting Room feature:

• Go to your master settings
• Click settings and select the meeting tab
• Scroll to the bottom until you find “Waiting Room Options”
• Click to let this be the default for all your meetings

Securing Your Zoom Credentials has Never Been Easier!

We trust that this article has highlighted a few of the potential security pitfalls of Zoom, without putting you off from using this highly effective communication tool. All you have to do is change a few settings and invest a few more security features to your existing arsenal, with Password and Email Security featuring right at the top of your priority list!

Security Everywhere understands the daily cyber security risks faced by small businesses. We use individual risk assessments to identify the strategies needed to keep your systems secure. 

Keeping your small business protected is as simple as booking a free discovery session with us today.