Are Zoom and Microsoft 365 really secure for remote workers?
With the rise of COVID-19, IT teams and enterprises around Australia scrambled to implement business continuity plans whilst they transitioned to a remote workforce. There is a heavy reliance on the application environment to deliver business continuity, but applications prove easy targets for cyber criminals.
As most companies have moved to an almost remote-only workforce, its essential to look into the security and safety of your business and staff when using cloud-based applications like Zoom or Microsoft 365, for example.
Zoom downloads have risen exponentially with the demand for videoconferencing and collaboration since the COVID-19 pandemic, and they have also seen more problems than predicted. The application has been downloaded millions of times, presenting huge challenges when it comes to cybersecurity.
Microsoft has fast-tracked its enhancements and features to tackle security and the widespread critiquing of its competitor, Zoom. Microsoft will release upgraded security features and IT controls for video conferencing via Microsoft Teams.
The acceleration comes as a result of Zoom facing multiple lawsuits questioning the validity of their security measures for consumers. There are records of a number of security and privacy deficiencies that have highlighted the lack of security of this widely used application, which Zoom has indicated will be resolved in a future release.
Many businesses have chosen to prohibit Zoom, including Google, given the threat of inadequate cybersecurity measures. Some of Zoom’s enhancements are progressing to combat identified vulnerabilities such as ‘Zoom bombing’ that many organisations and individual users have been experiencing.
Microsoft has shared they are responding to demand from end users using Teams at an increasing rate, to work with the limitations of the coronavirus pandemic. Microsoft announced some time ago that Microsoft Teams is an equal player to Skye for Business but there are still a number of high-quality features that Teams needs in order to deliver the same level of sophistication.
Microsoft is making changes like allowing IT administrators to implement company-wide standards as to who can publicly share visual content via a Teams meeting and a standard setting would allow anyone to share materials. Given the way that Teams integrates tightly into Sharepoint and OneDrive whilst making it easy for employees to collaborate with external parties, a key question to consider is the risk around information being exposed due to default settings.
Microsoft has made it more accessible for meeting hosts to change lobby and presenter settings once a meeting has kicked off. Additional changes will prevent external guests from having access to phone numbers and will allow hosts to shut down meetings easier. Hosts can also download reports to send to attendees if there has been a violation.
Zoom recently similarly enhanced to its application platform and the vendor now permits the use of waiting rooms and lobbies, and compulsory passwords. Zoom has incorporated a security button to be visible to all attendees that provides easy access to settings to encourage more transparency around security.
Zoom has highlighted the cybersecurity risks of all video conferencing platforms, as it poses a critical threat to all markets and consumers.
While enterprises continue to transition to online meetings it is recommended to exercise due diligence and extra caution in your cybersecurity efforts.
Here are simple guidelines to follow within your organisation:
- Review the security configuration of your key applications to ensure default settings are not in use and that the configuration meets your risk appetite and business use cases.
- Ensure all applications are updated so you can benefit from all enhancements in security features.
- Ensure that your enterprise remote working policy meets the requirements for physical and information security at these dispersed locations.
To learn more about Zoom and Microsoft O35 Security Risks, and the associated risks with your new boundaryless network, sign up to our webinar here:
Security audits can also help to ensure that software in development and in production, especially third party and SaaS, is free of those configuration and implementation vulnerabilities that could lead to a breach and the associated financial losses, data theft and damage to reputation that often follows.