The 2020 holiday season is coinciding with a major spike in COVID-19 cases and fatalities and many families are opting to avoid travel and potentially exposing elderly and/or vulnerable relatives. Hosting gatherings on video conferencing platforms such as Zoom or Google Meet may help to keep families physically safer, but it can introduce a number of cybersecurity and privacy-related threats.
While the rash of Zoombombing and related hacking incidents taught many remote workers and students about the importance of securing online meetings the hard way in the early weeks and months of the COVID-19 pandemic, it’s important to make sure friends and family especially the less cyber-savvy ones are also aware of the potential risks involved.
Follow these best practices to keep your family gatherings secure and private:
Don’t publicly post your meeting URLs and keep your gatherings invite-only.
Facebook can make it easy to keep in touch, but can be difficult to keep communications private. Posting a public link to a private meeting on social media can open the virtual door to uninvited guests. Send the meeting link directly to guests and be sure that your meeting is set to be invitation-only.
Be careful with emails containing invitations.
As platforms like Zoom exploded in popularity earlier this year, so too did phishing scams disguised as meeting invitations appearing to originate from known associates and email addresses. The goal was usually tricking a target into providing login credentials in the hope the same information was used on other accounts owned by that person.
To avoid trouble, you might want to call or text to verify the authenticity of an invitation before clicking on links sent via email, and be sure to double-check the URL; many meeting-related phishing scams use typosquatting, where hackers use similar versions of domain names to fool their targets, such as zooom.us, or goooglemeet.co. If possible, go directly to the URL listed on an email rather than clicking on inline links.
Use end-to-end encryption
Although holiday conversations with friends and family are unlikely to divulge data with the same level of sensitivity as an internal boardroom meeting, no one wants their communications intercepted by hackers or catalogued by video conferencing providers. Fortunately, there is a security setting that some platforms offer that provides greater privacy.
End-to-end encryption, or E2EE, is a security feature that prevents third parties from being able to access content or communications, similar to how SSL connections help protect payment data during e-commerce transactions. While meeting platforms such as Google Meet offer a limited form of encryption, Zoom has just released it as a feature to both free and paying customers.
Blog courtesy of CyberScout. ©2020 CyberScout, LLC