July 24, 2020

Remote Conferencing and Collaboration Security

The workplace is changing, remote working and remote conferencing are the start of a revolution that is going to require some stringent cyber security to ensure your business is kept safe. Sam Mendis provides insight into some of the methods to ensure secure messaging and conferencing in your workplace.

Cyber security has always been an important factor in business decisions, from choosing what operating system to use, to deciding what server to place your website on, security is essential. Current times have forced offices to go remote, preventing meetings in person as well as increasing dependence on cloud computing. Most businesses will have had a conferencing software pre-COVID 19 yet were not dependant on it as they will be today. Zoom, Microsoft teams and Google Hangouts are a few which have recently taken off as the pandemic as swept across the globe. All three of these famous conferencing tools have faults yet their popularity is not dwindling.

Zoom has been criticised for its security from the start of the pandemic. From lack of end to end encryption to allowing a lack of education to its users to prevent Zoom-bombing, Zoom has not had a straightforward ride. However, there support is still extremely strong with big endorsements including the UK cabinet using the software for some of its teleconferencing during the pandemic. Ironically, after the UK government had purchased 731 Zoom licences for mainly MoD uses, the National Cyber Security Centre publicly stated that the platform should only be used for public matters and no confidential information should be disclosed over it. This forced Zoom into a rethink and in June announced that all customers would be eligible for end to end encryption on their calls. This announcement was long awaited and has finally ensured one of the major teleconferencing software’s used during the pandemic is fully end to end encrypted.

Another popular platform is Microsoft Teams. Microsoft Teams is used in all types of environments especially for those companies who have committed to use Microsoft clouds (OneDrive) as their form of data storage. Teams allows the user to upload files from OneDrive and present using them seamlessly thereby making Teams a great tool for those who use Microsoft Office regularly. However, Teams is not perfect. Guest access allows a team owner to invite parties from outside the organization to the team. This person may be necessary in the form of a consultant, however, there is no limitation to their access once they are made part of a team. This can cause issues as the consultant may not need some of the sensitive data, yet they may have full  access to it creating privacy issues. Another sticking point is the way apps from third party providers can access the data within the team. In Teams the apps allow users to get direct updates from other services. These apps request (and sometimes require) full access to their data, which can cause further security concerns. Lastly Teams is not end to end encrypted. This can increase risk of data being accessed by third parties in transfer. Clearly, this is not desired, especially when dealing with sensitive information.

Google Hangouts has gained popularity during these last few months. Again, Google Hangouts is very convenient for those organisations which store their documents in the Google Drive. Similar to Microsoft Teams, Hangouts does have security concerns. Firstly, images shared during a hangouts chat are shared using a public URL. Now alarming may this be, Google have stated this was done on purpose. These URLs can be over 40 characters long making it harder to crack than most passwords. However, if shared accidentally these URLs can lead to sensitive images without the need of authentication. Another flaw of Hangouts is similar to a flaw in Microsoft Teams. Hangouts doesn’t involve end to end encryption of data. This is surprising given that both Microsoft and Google claim to take privacy and security very seriously.  There are benefits to Google hangouts. In my opinion it is by far the most comprehensive system which allows full integration of calendar, cloud, video conferencing and chat. Hangouts is by far one of the best solutions as the comprehensiveness of the system allows one to not have to use anything else to supplement it.

The three I have mentioned are not the only software’s available, however, they are by far some of the most used systems. To ensure you are fully secure during these times ensure that your employees use a VPN when connecting. This may slow down connections slightly, however, it is very important to ensure privacy and security. Furthermore, using private devices is becoming more and more prevalent with working from home which can increase security risks. If possible, provide employees designated work devices to ensure whatever employees do in their private time will not affect the security of your network.  If this isn’t possible encourage employees to update all software as and when it comes out. This will help prevent attacks which focus on flaws in older operating systems. Additionally, ensure employees have an antivirus software installed on their computer to help mitigate against potential malware.

COVID-19 has changed the future of work. However, ensuring that your company is ready for the next threats is essential. For further information on good cyber security practice advice is available at the National Cyber Security Centre with specific guidance on Bring Your Own Device, homeworking and Cloud security.

Sources: newstatesman.com, norton.com, guardian.com, netwrix.com, popularmechanics.com, google.com, ncsc.gov.uk, avg.com, time.com. Accessed [24/07/20]