Thursday, April 16, 2020

Zooming not so fast....slow down

Video Conferencing Software/Weak Security?


Never Share Passwords
Keep Meeting IDs Private
Make Use of Waiting Rooms

Photo: Zoom updates from the past week

Zoom, the video conferencing software maker, learned a lot of lessons this past month as a result of legions of new visitors who stopped by and signed up as new customers. The software company literally exploded with new customers during mid-March 2020 as a result of COVID-19. However, a number of security incidents started happening, and with that a fire hose of commentary poured into their email boxes, security blogs, conference calls and forums. Security professionals came on strong. One security practitioner commented that, right out of the box, the default settings needed serious review and the general public was at the point of the spear - buyer beware. Waiting rooms, passwords, and many other enhancements, all focused on security and reducing risk, were heard from all quarters.

To the credit of Zoom, now known as that easy, cheap video conferencing software, the company has made changes to improve security (changing many of the default settings, such as requiring a password by default for all meetings, establishing a waiting room so you can verify participants, and a sprinkling of messages not to share passwords, etc.) and reduce the risks to many of its users. Zoom has taken it on the chin for many in this functional area, "Video Conferencing Brands", while the rest of the pack gets the opportunity to take another look at security. Zoom brought on a security professional and kinder days seem to be in the future. Zoom also has a HIPAA compliant application separate from what general users get to use. See the photo above for the last known update from Zoom. Zoom is growing and has been sending out improvements as they become available.

Video Conference Software:

Never Share Passwords
Keep Meeting IDs Private
Make Use of Waiting Rooms



Here are some additional products for consideration:
  • GoToMeeting
  • Webex Teams
  • Skype for business
  • Google Hangouts
  • Join.Me LogMeIn
  • Amazon Chime
  • Microsoft Teams
  • Cisco Webex Meetings
  • Updox
  • Vsee
  • Zoom for healthcare
  • Spruce health care messenger
  • Apple Face Time
  • Doxy.me
  • Face Book Messenger Chat
  • Blue Jeans - recently purchased by Verizon
Check out each of these products, and note well that during a declared national emergency many if not all may be used without compliance penalty. However, after the emergency is over, please do use HIPAA compliant software. See shorturl.at/fijHL for future updates at U.S. H.H.S. dot gov.


NIST - Navigating the Conference Call Security Highway



Today 4/25/20 I reviewed an article from Dr Eric Cole, Secure Anchor Consulting. These are some of his thoughts:

Zooming now a household word
Due to the pandemic, in March/April 2020 video conferencing increases 1000 fold. "Zooming" takes on a life of its own for all brands of video conference calling software.

ZOOM BOMBING: DEFINED
Zoom bombing is where a person joins Zoom video conferencing calls uninvited and either 1.) listens in, 2.) gathers important info to use at a later time or 3.) becomes disruptive to your meeting or event.

How do you protect a Zoom call?
    1. Remember you are a target
    2. Cyber security is your business
    3. Make sure your software is up to date

    • Make sure your computer operating system is up to date
    • Make sure your Zoom app is up to date and other apps as well
    • Make sure you are using anti-virus software and it's up to date
    • Do not post Zoom links in the public eye
    • Don't click on links you don't know
    • Setting up meetings:
      • Use strong passwords
      • Do not share the meeting ID
      • Use a non obvious meeting ID
      • Use the waiting room function
      • Lock the meeting once everyone is in

New Post: 5/5/20


Jeff Furman my "go to guy" for Project management hosts a blog and has some Zoom fun and other suggestions check it out here:  https://www.linkedin.com/pulse/so-your-internet-crashes-middle-zoom-session-what-you-jeff-furman/

Take a peek at the: Project Management Answer book click the link.

New Post: 5/7/20 am

On a conference call today. Discussion of fat client versus thin client again for VT software (for the young at heart this seems to reoccur every 5-10 years), functionality services were discussed (I think more of what you are used to using drives the most favorite product discussion) and end to end encryption took place. Zoom came up and given that it is slowly improving its security posture some note it is moving into the "pack" of other VT implementations given that it will become less of a pick up and use utility because of security concerns. Those with more security concerns and less functionality can look here: https://www.infosecnews.org/national-security-agency-releases-guide-to-secure-video-conferencing

New Post: 5/7/20 pm

Take a look at this very comprehensive post from Citizen Lab:
https://citizenlab.ca/2020/04/faq-on-zoom-security-issues/

Then this video by none other than: Dr Eric Cole

A few weeks ago there was a lot in the news about ZOOM Bombing. So ZOOM took action and set up some default security to 'appease the masses'. But here's the thing... they did too little, too late AND ZOOM meetings are still being targeted.
It's not over! The adversary is still on the prowl and creating havoc.
I recorded a quick video for you to share with your organization to help keep the awareness around how to protect against ZOOM Bombing.

Dr Cole's Tips:


#security  #cybersecurity @Zoom @NIST #VideoConferenceCalling #VT #DrEricCole  #zoombombing


Last edit: Monday, 5/5/20 0930 hours










