CUSO-News---Payments-Report

close

Categories

More Tags

Subscribe to Email Updates

Popular Stories

Pay-by-Bank: Anticipating the Next Wave of Innovations
Understanding Enumeration Attacks and How to Prevent Them
What It Means to Have a World Class NPS
FedNow: Changing the Game for Real-Time Payments
Combatting AI-Powered Fraud wtih AI-Powered Fraud Prevention
Written by Cyndie Martini
on April 21, 2020

With many companies having no choice but to allow employees to work from home, digital hacking, or hijacking of the software used to connect to work is on the rise. Scammers and hackers are specifically targeting remote workers. As workers leave the safe digital infrastructure confines of their company environment, they become more vulnerable to scams. Companies that were not prepared for remote work or having to allow employees to log in from unsecured personal computers.

Zoom bombing became a new term as remote workers flocked to the free video conferencing software. Zoom provides a meeting URL that can be given out to meeting attendees. However, anyone with access to the URL can drop into the meeting. Many employees found this out the hard way as hackers consistently barged into meetings and disrupted them. Google went so far as to ban its employees from using Zoom.

The Zoom hijacking issue is mainly due to employees posting meeting URLs publicly. Meaning, across social media and other areas where anyone can find them. Companies that are set up for remote work and follow best practices don't have to worry about such issues. Their employees login via a VPN (secure connection) that is not available to the general Internet. Some companies will also only allow connections (remote working) from company procured laptops.

The FBI has taken notice of the hijacking problem and recently released a set of guidelines for defending against video-teleconferencing (VTC) hijacking:  

  • Ensure meetings are private, either by requiring a password for entry or controlling guest access from a waiting room.
  • Consider security requirements when selecting vendors. For example, if end-to-end encryption is necessary, does the vendor offer it?
  • Ensure VTC software is up to date. See Understanding Patches and Software Updates.

Zoom also sent out an email to its customers on how to better secure their meetings. Namely to not give out meeting URLs and lock the meeting once it has started.

There's no doubt that many companies have learned of weaknesses in their remote work strategy. The need for remote work is clear, and now so is the ability to ensure its security.

Let Us Know What You Thought about this Post.

Put your Comment Below.

You may also like:

Cyber Security

Cyber Security and Ransomware

Cyber security and ransomware go hand in hand in running a reliable business. Firms shouldn't wonder if they are going t...

Cyber Security

US Government Cyber Defense Increases

The US Government's cyber security initiative is controlled by the Department of Homeland Security (DHS). Within DHS is ...