Mark Anderson and Libby Powers chat about Zoom best practices and share the story of a client who recently got Zoom-bombed after posting the details of their call publicly. Zoom has some security features baked in, but be sure to toggle them and use the tips Mark and Libby share to ensure you have the best Zoom experience! And if you’d like to read more about these tips, check out our blog on the subject!
Last year when the COVID-19 pandemic restricted our ability to connect in person, we all became very familiar with the video conferencing software Zoom. No one could have predicted that a significant chunk of business in 2020 would be conducted through webcams and video calls. Schools, universities, and businesses have chosen Zoom out of the handful of similar services for years, but now more people than ever have adopted this technology as an essential part of virtual life.
Anderson Technologies has written about the risks that come with working from home, but as we move into the new year, more and more people are choosing to work remotely now that their businesses are working to put infrastructure in place to make a long term remote workforce more secure. This means Zoom will continue to be a linchpin in the business landscape for the foreseeable future.
Still creating your work from home systems and want to make sure you’re doing it right? Take a look at our in-depth guide to working from home securely and then give us a call.
What is Zoom and How Does It Work?
In case you’ve only ever received a Zoom invitation link for a video chat and didn’t look further into the platform, it’s important to understand what this service is before you use it. Zoom is a cloud-based video and voice call service software that works on almost every device and operating system. The basic platform is free, but if you want larger groups and longer meetings, you’ll have to pay for a plan.
Users can access the platform by downloading and installing the Zoom mobile app or desktop client. Anyone can be invited to a Zoom meeting with a link, but only users with a Zoom account can create and control a meeting. The host of a meeting can also require authenticated Zoom profiles, which means everyone attending would need to have a Zoom account.
Is Zoom Secure?
In most cases, yes, though there are some common exceptions. Zoom’s platform offers many meeting settings that allow a user to control the security of a meeting according to their specific needs. The important thing to remember is that you’ll need to review all meeting settings before it begins so that you don’t have any interruptions.
Over the last year especially, Zoom has been the subject of a number of headlines and scandals regarding their security practices. Because of its sudden boom in 2020, lots of Zoom’s security vulnerabilities have risen to the surface, specifically Zoom’s former practice of stating the platform had end-to-end encryption when it did not—an issue for its HIPAA-compliant users.
For more information on Zoom’s security and privacy practices, visit their site. Zoom also offers a deliverable PDF of best practices if you’d like to provide your team with a physical copy.
Public, unsecured meetings are subject to “Zoom bombing,” in which uninvited participants hop into random meetings and cause chaos. Students and teachers using Zoom often found themselves barraged by interruptions ranging from harmless to inappropriate and criminal. A recent analysis of zoom bombings during the first seven months of 2020 found that the majority of incidences were executed by other students or insiders with access to these meetings. This means that users should consider taking more than the bare minimum precautions when using Zoom.
5 Zoom Security Tips
As we continue to rely on Zoom and its digital counterparts to keep businesses on track, here are five easy tips to keep you and your virtual connections safe.
Alternatives to Zoom
If you’re still searching for the perfect video solution for your business, there are many alternatives available:
General Video Safety Tips
No matter which video conference service you choose for your business, there are some general best practices to keep in mind.
Zoom and its counterparts are here to stay, so no matter which video conferencing platform you decide on for your business, it’s important to encourage your team to use best practices even outside the office. As businesses adapt to the changing digital landscape, make sure you keep your employees and your security safeguards ready for anything the future holds.
Need help choosing a video conferencing platform, or have other questions about your remote work security? Anderson Technologies is here to help. Contact us today!
What does your phone know about you? What about your email or your browser? What can strangers—or scammers—find out about you with a quick search?
This is called your digital footprint, and for the security- or data-conscious consumer, this is old news. What might not be old news are the many ways to be aware of, change, and erase parts of your personal and professional data footprint.
Some parts of your digital footprint are visible to everyone. Think about what appears when you run your name through a search engine. Some information is public and accessible to someone willing to dig. This might involve cross-referencing screen names, email addresses, and photos. Other aspects of your footprint are locked within a service such as a search engine, social media account, or browser. The risk in this part of your footprint lies in how an app or service uses your data and if that data is susceptible to breach.
There is a lot you can take control of on your own with a few clicks, if you know what to look for. The information below isn’t meant as an all-encompassing guide. For questions connected to your specific technological setup, you’ll need to contact your IT support provider.
Phones and Tablets
Our phones have become our constant companions, connecting us to so many of the ways we interact with the world. Most Americans use Apple iOS or Android devices, and there are a lot of ways to tweak digital footprints on these devices, but for those dedicated to security, there are other options.
What are the differences between Apple and Android? And can third party OSs compete? Learn about the pros and cons of each type of device.
A good general rule across all operating systems is to disable Bluetooth and Wi-Fi connectivity unless you are actively using them. Bluetooth can be used to query your device’s location and even sneak malware right under your nose. Never connect to unsecured Wi-Fi networks, and definitely don’t access sensitive information over those connections. Avoid using Wi-Fi provided by companies or organizations you aren’t familiar with, even though it can be tempting to check your email over lunch.
Take a close look at the permissions you’re giving to each app on your phone. Apple’s most recent updates are making this easier by directly stating the permissions for each app and allowing for granular control. Does your favorite mobile game need access to your camera or photos? Probably not! And if the app doesn’t function without that access, it is time to find an alternative app.
Android phones also make it clear what permissions you’re granting to a given app when it’s installed. You can also check per-app, and then delete or modify those permissions if necessary.
The latest headline in mobile security issues involves zero-click hacks of iPhones. There’s nothing security-conscious users can do at the moment, aside from noting any bizarre behaviors and continuing to exercise caution regarding sensitive information that is stored on or accessed by a mobile device. But this venue of attack seems to be on the rise. Installing OS updates as they roll out may be an effective deterrent to these attacks.
Divide and conquer. Designate separate emails accounts for separate purposes and don’t cross the streams. Don’t mix work and personal accounts, despite how tempting it may be! These two accounts are often approached with different security considerations and different contact lists. Beyond data gathering by email clients, email itself can increase risk to all of your cyber connections due to the abundance of phishing emails.
Gmail
Your personal email can often be a heavier load on your digital footprint than your professional account. It is only human to occasionally let the security vigilance expected at work lapse during off hours.
Google has made clear they plan to roll out new privacy measures soon. These options will not only allow users to turn off features like smart reply but also to opt out of allowing their usage data to feed the algorithm used to make these features stronger.
While we wait for these changes to roll out, take a look at the privacy controls that already exist. If your Gmail account is tied to a Chrome browser login, those privacy controls can seriously impact the ads you see, the history that is logged, and what information is tied to your account for Google’s services. It may be wise to log out of your Google account before using services like the search engine or Google Maps.
Any account you log into can allow parties to track your browsing history. Check the settings of your email, social media, and even browser extensions before remaining logged in while browsing the web.
Outlook
If you’ve been receiving “Your Daily Briefing” from Cortana and feel uncomfortable about your emails being read by AI, rest assured security is still in mind. According to Microsoft, Cortana meets the same rigorous security standards of Outlook itself. Information for these emails is stored only in that specific user’s mailbox. Cortana data is never reviewed by humans unless specifically requested by the person who owns that data. If the service isn’t helpful or continues to make you feel unnerved, it’s easy to unsubscribe from the emails, and even turn off Cortana’s search assistance in other aspects of your Microsoft account.
Regardless of what email service you use for personal or enterprise use, make sure that passwords meet best practices. Check Have I Been Pwned to see if previous (or current) accounts and passwords have been disclosed in any data breaches. Use different passwords for different email accounts, and don’t use those same passwords on other accounts or services.
Social Media
Facebook is an incredible example of the sheer amount of data we hand over in exchange for free services. It is somewhat unique in the massive scope and importance Facebook places on finding new ways to gather and profit from your data.
The most basic setting you should consider is whether your profile is public or “friends only.” Who can post on your wall, tag you, search for you, or add you as a friend? Once you lock down your account, or at least continue with the knowledge of these settings, it is time to set aside an hour or so to really dive into Facebook’s settings and marvel at the apps and sites you’ve (often unknowingly) given access to, the profile of information Facebook has gathered on you based on your activity, and the browser data Facebook collects while you’re logged in.
Explore your Settings & Privacy, and drill down into each aspect, including Ads shown off Facebook and the tracking of your Off Facebook history. Consider designating a Legacy Contact—someone who will gain control of your account if something happens to you.
There are a lot of options to explore, and your decisions about these options will differ from everyone else’s, but do take the time to review them.
Other Platforms
What information is required just to sign up? Has the platform had data breaches in the past? If paid, what organization is receiving your money? If free, what data and tracking are you giving away in exchange for using the service? Can you adjust who can see the content you post? In the Terms of Service, does the platform reveal that they claim ownership of everything posted there?
Browsers
It is a good idea to know how much history and website data your browser holds at any given time. Using Private Browsing, Incognito, or similar private windows can help to control the flow of information, and each browser offers some degree of control over what data and how much of it is saved.
Safari
The Privacy & Security section has an option to prevent cross-site tracking, which will prevent those annoying re-marketing ads from sites you visit but don’t buy from. Help yourself identify shady websites by turning on Fraudulent Website Warning.
Chrome
Your Chrome browser is most likely tied to your Google account. One benefit is that all of the tracking, ad settings, and user profile data is in one place. However, Google, Gmail, and Chrome default to a significant number of trackers, build detailed user profiles, and allow for tailored ads. With settings reviewed and extensions restricted, Chrome can be a powerful and safe browser for those watching their digital footprint, but out of the box it probably knows more about you than you’d like.
Edge & Firefox
These browsers come with default settings that block many trackers and ads, making them recommended by many security professionals.
Other Browsers
Many of the less popular (in terms of sheer number of users) browsers do offer a stricter, more security-conscious approach to browsing the web. Always take the time to review the privacy and security settings for whichever browser you use, whether on your computer or mobile device, and whether for casual or professional use.
Advertising & Other Tips
Adblockers
Adding an ad-blocking extension is the only way to truly eliminate advertising in your digital life, but you should know that it can reduce functionality for some sites. Many sites cover costs with advertising, and may be not be accessible while an adblocker is in use. Be careful to use known and trusted developers when choosing these extensions. Malware can come disguised as legitimate plugins and extensions. Even if the program isn’t malware, you are still allowing any extension you add to view your data. You may be giving up some privacy in exchange for the service, so weigh the benefits before adding an adblocker.
Trackers
Safari, Firefox, and Brave browsers all alert users when websites are using trackers. Some trackers are used to boost web performance. Others are intended for serving ads and could even be seen as invasive depending on how you feel about privacy.
Search for Yourself
While you are taking control of the information that browsers, email clients, and trackers gather about you, it’s important that you don’t forget about the information you share willingly, now or in the past. In a variety of search engines, take a moment to search for your name, any previous names or aliases, and even details like your phone number or address. Seeing the amount of detailed information available publicly online—much of which that you didn’t choose to share—can be frustrating.
If searches result in expired accounts, regain access and modify or delete the account. If a search reveals information that you want deleted—perhaps a youthful blunder or something you wrote that you no longer believe—you can query the hosting site and ask for removal. This can have mixed results, or often none at all, so when you spot something you can’t get rid of, focus on providing real and accurate information where you can. Update your LinkedIn profile, or create a simple website that identifies who you are and what you stand for. Don’t address or bring up other less flattering search results unless asked directly about them.
In the worst-case scenario, something pervasive is muddling your entire digital footprint. In this case, using a reputation or deletion service is understandable, but still may not be able to provide perfect results.
The Bottom Line
Shoshana Zuboff, author of The Age of Surveillance Capitalism identifies people, and our behavior, as the fodder tech feeds on.
“Businesses want to know whether to sell us a mortgage, insurance, what to charge us, do we drive safely? They want to know the maximum they can extract from us in an exchange. They want to know how we will behave in order to know how to best intervene in our behaviour,” she says, in an interview with The Guardian.
Users of technology, social media, and Internet of Things devices need to understand that, while our digital footprint can be adjusted, our data is, according to Zuboff, the primary currency.
Does this mean that you need to throw away your phone, your Fitbit, your computer in order to maintain your privacy? That is going to depend on the way you feel about the exchange of data for service.
The push and pull of privacy vs. convenience and connection is not going away any time soon.
Overall, the process of managing your digital footprint can be time consuming, and even costly, especially if you are starting the process for the first time. For the majority of users, the quicker process of toggling settings and hitting unsubscribe may be enough to satisfy the privacy itch until the next update or news story. But for the truly security conscious, it may be worthwhile to contact your IT support provider for additional tips specific to your situation.
If you’re looking for additional guides about your digital footprint, check out
Anderson Technologies has been featured by Small Business Monthly as one of St. Louis’s Best IT Firms or Best Cyber Security Firms for the past four years, and this year we are pleased to make that count five! We’ve been named a Best Cyber Security Firm for 2021.
A core tenant of Anderson Technologies’ 25 years serving the St. Louis area is our education and employee training approach to cyber security. Beyond the purely technical aspects like security monitoring, system audits, and essential hardware—all key parts of managed IT services through Anderson Technologies—we’ve found that continued education on cyber security risks and solutions is often what makes an impact and keeps an organization safe.
Do you need an expert eye on your organization’s cyber security? Download our FREE Cyber Security Essentials Checklist to see where your organization stands in 2021. For more help, please call us at 314.394.3001 or send us an email at info@andersontech.com for more information.
Internet of Things (IoT) devices provide a service to the user, but also provide a glut of information for developers. Developers state that the information collected is a tool for honing services and enhancing user experience, but this information is also worth a lot of money to them for ad targeting and consumer behavior patterns.
Anderson Technologies reports on a wide variety of topics to help keep you and your business’s technology safe from harm. But sometimes preventing trouble isn’t about the hardware or software you deploy—it’s about the people you employ.
The year 2020 has been host to worldwide climate disasters, a global pandemic, and political and social upheaval. Bad actors take advantage of chaotic times and prey on those most vulnerable. Whether you consider yourself tech-savvy or not, it’s more important than ever to be vigilant about your digital communications.
We all know someone who has fallen victim to a phone or email scam. Some of us might have received a desperate call from a friend or family member trying to undo an unknowingly self-inflicted intrusion on their personal or financial information. Members of the Anderson Technologies team have received such calls, one of the more memorable being, “The Russians have hacked into our computer, and we’ve been on the phone for a half an hour or so with India. The guy’s helped me reestablish my password, but he thinks we should do some further work and maybe take the modem to the Apple store.”
This is so common that it’s become part of our cultural understanding, and it’s likely that you have even joked about “Nigerian princes” or romance scams that target people just looking to connect with others. Why would the Russian government want to hack your personal home computer? Why would a Nigerian prince choose you to receive their inheritance? Thankfully, in many cases, experts are involved before permanent damage is done.
What you might not know, however, is that even the corniest scam could have a network of planned, patient individuals behind it. Scammers target unsuspecting users and gather data publicly available on the web or sold in data breaches to build trust and elicit the missing pieces needed to access private account information. But how do these choreographed schemes apply to your business?
It’ll Never Happen to Me
Who do you picture when you hear the words “scam victim”? Several stereotypes may come to mind: blue collar workers, bored housewives, or older folks, to name a few. But if you don’t fall into those categories, it’s too soon to consider yourself safe! Thinking scammers won’t attack because you’re an improbable target leaves you exposed and off guard.
For this, we can blame optimism bias, which is the tendency for individuals to believe they are less likely than others to be vulnerable to negative events. Even when the Better Business Bureau (BBB) or the Federal Trade Commission (FTC) releases accounts and warnings about the thousands of scams reported each day, in-the-know readers might react by thinking these threats don’t apply to them. Aren’t you too smart to be fooled? What would you have that a hacker would want anyway?
Money and data are the driving forces behind nearly every cyber scam. Whether that scam affects an individual or an entire business, any instance of a bad actor getting past cyber security safeguards runs the risk of damaging your business. And when you consider the inaccurate stigmas surrounding scam victims that is pervasive in our culture, it’s even more difficult to stop the problem at its source.
“We often don’t want to acknowledge to ourselves that we’ve been conned. It’s crazy how often you have people who, even when you present them with evidence that they’ve been the victim of a scam, refuse to believe it. The other thing is even if we do realize we’ve been scammed, we often don’t want to let other people know, because we’re embarrassed.” – Maria Konnikova, author of The Confidence Game: Why We Fall for It … Every Time, in an interview with The Cut
But We Have a Firewall!
Personal consumer or romance scams may not seem like they’re much of a threat to your business. Like any physical crime, cyber criminals can’t gain access to your business unless there is a vulnerability or breach of some sort, such as when someone opens an email or answers the phone. Who your employees share information with on their own time may not seem to be your concern as a business owner, but good personal practice translates into a stronger, safer business.
Phishing and spear-phishing campaigns are some of the most commonly-encountered scams, and they’re now more dangerous than ever. Business email compromise (BEC) has consistently been one of the leading dangers to cyber security infrastructure in nearly every sector. No business, large or small, is safe.
Hacking into your business’s hardware systems or networks is only one way to gain unauthorized information. Dedicated spear-phishing tactics use data mined from public accounts and web activity to target specific departments or employees. The only thing that separates personal consumer scams from business scams are the lies the criminal uses to try to break down your barriers.
Scammers often take advantage of brand familiarity and emotional response. Unexpected messages from a random email address or blocked phone number are much easier to ignore than a seemingly safe communication from Microsoft or UPS.
One scam that aims directly at businesses is the “Directory Scam.” Employees receive a call from a well-known or non-existent agency requesting business information to update their directory. When your employee provides them with your business’s address and contact information, they send a fake invoice for the “service” and, if questioned, often fire back with edited audio from their previous call that “proves” your employee accepted the charges.
Another targeted hustle that’s gained steam over the last couple of years is known as the “Grandparent Scam.” In the linked case study, the victim receives a call from a scammer who claims to be his grandson needing bail money. This scam may seem ridiculous, but many have fallen victim to it because the caller knows the names of the grandparent and child as well as other personal information that would encourage one to believe they’re telling the truth. The scariest part about this scam is that the scammer called this victim at his place of work, further illustrating that public data on the web is available to anyone with the knowledge to find it.
The “Nigerian prince” scams that often get joked about really did happen in the 90s, but this grift now encompasses a more extensive network than traditional romance scams of the past. Previously, organized groups known as Yahoo Boys would target susceptible victims and forge an online “relationship” with an individual. The fraudsters, named after the popular search engine, spend weeks or months keeping these scams going, until the scammer creates a convincing story about needing money from their online partner.
Now, COVID-19 has blurred the line between BEC and individual-targeted scams like those from the Yahoo Boys. Many people currently feel lonely, isolated, and desperate to make connections during what may be one of the scariest and most stressful periods of their lives. Higher numbers than ever have transitioned to permanent or semi-permanent remote work situations. This means that your business networks are now at risk in new ways, such as if an employee accesses a business connection from their home office and uses it to check their personal email. A bad actor can potentially find a weakness in the remote work environment that leads them right into your business.
“People who are going through times of extreme life change, for instance, are very vulnerable to con artists because you lose your equilibrium.” – Maria Konnikova
Scammers who’ve spent time learning about their target may have information that allows them to guess passwords or use public data available to anyone with the knowledge to find it. A simple personal scam can become the first step in a BEC attack that affects your entire business.
What Steps Can I Take to Protect My Business?
Bolstering the human side of your cyber security strategy is your business’s best shot at breach prevention. BBB is one of many organizations to provide a checklist of ways to educate yourself against common scams. While most of the lists aren’t geared towards business owners, many of the habits suggested can perform double-duty in both your professional and personal life. Anderson Technologies has a few tips for applying that knowledge specifically to your business networks:
The Yahoo Boys example mentioned earlier in this article is only one of hundreds of scams permeating every demographic, consumers and businesses alike. This is only one part of a concerning trend in 2020, in which cyber criminals and organized groups are taking advantage of global turmoil to target new vulnerabilities. Countless COVID-19 scams continue to emerge and threaten businesses, so it’s more important than ever to stay on top of every potential vulnerability, including employees you may not see every day.
For more information on avoiding scams in the time of COVID-19, download our free Work From Home Checklist or contact our team today.
Email is fast-paced and an essential part of work communication. It is also one of the biggest vectors for cyber threats. How can you sort the scams from legitimate emails?
Some important reminders and guidelines to follow for any business focused on IT security, but our guide on maintaining a secure work environment from home is especially prescient for those seeking flexible options for their employees!
If you’re working from home or providing mobile options for your workforce, you need to know about the biggest mobile security threats of 2020!
