Zoom: While ‘Disappointing’ To Learn Of Hijackings, Here’s How To Be Safe

‘I think a lot of the vendors in the channel are going to figure out a way — and they’re probably already hard working at that — to say, ‘We’re going to push the foundation of security that you don’t have to think about that’ll start to shore up what we’re starting to see now in these large hosted environments,’ Peter Tran, head of global cybersecurity advisory at InferSight.

With millions of people now using videoconferencing tools, like Zoom, to stay connected and productive, cases of “Zoom-bombing” — when a complete stranger joins your meeting to wreak havoc, such as displaying pornographic images, hate images, or threatening language — are being reported.

In an interview with CRNtv, Laura Padilla, head of global partners at Zoom, said when CEO Eric Yuan first built the videoconferencing platform, “it was obviously built [with the intention] to enable users to have almost an in-person meeting over video,” but when news broke of the “Zoom-bombing” hijackings, she was quickly disheartened.

“Especially [during] this unfortunate environment we’re in globally, is disappointing," said Padilla.

“In regards to ‘Zoom-bombing,’” Padilla told CRN, “we have a pretty robust control engine for the host of those meetings to be able to use,” which can be found on Zoom’s YouTube channel.

There, “we have a slew of tutorials that users can now go on and educate themselves a little bit more on user-controls they can use. So for example, if you have a meeting where you want to open it up to the public and you put your meeting ID out there, anybody can join that meeting, right and unfortunately do whatever they want,” said Padilla.

Now as it concerns the channel, Padilla told CRN, “Our partners are super important to us and they’re a really big part of our overall community and Zoom community, so I know they’re getting these questions from their customers as well.”

“So speaking to the partners, [we’re] encourag[ing] them to read all the blogs, to also educate themselves as well on all the different security items that we’re able to allow our customers to use, like the ones I talked about before, protecting your meetings,” said Padilla. “We’re very confident in that we have done everything we need to at those different layers to ensure that user privacy and content is secure.”

How To Stay Safe

Peter Tran, head of global cybersecurity advisory at InferSight and a cybersecurity expert with more than 20 years of experience, told CRN, “We’re now getting used to this new environment, where we get up in the morning and literally just 20 feet across the room you log in. The muscle memory isn’t tuned there yet, so the configurations don’t come instinctively.”

Which is why he said it’s up to vendors in the channel “to figure out a way — and they’re probably already hard working at that — to push the foundation of security that you don’t have to think about [configuring] that’ll start to shore up what we’re starting to see now in these large hosted environments.”

Tran said current risks of videoconferencing tools stem from a significant change in landscape, where “we’ve migrated to millions [of people] going from stand brick-and-mortar to what I call the ‘click-and-mortar’ environment, and as folks are adapting to this new online world that’s the new attack service area for would-be hackers… to more sophisticated, potentially sophisticated cyber criminals who are after the corporations who are having these meetings potentially on these platforms that may be sensitive and often times confidential to conduct their business.”

His advice to solution providers and the channel community: “Now that everybody has moved to these virtual, remote hosted environments, then they should really think about stepping up their monitoring of the overall platform, so they can look for these potential nefarious-types of indicators or behaviors that might tip off your cyber defenders, or the experts that are sitting there in from of their screens to say, ‘Hey, something is wrong here, we should look into it.”

Watch CRNtv to learn more.