
The way we work is changing, and there’s no going back. Following the unprecedented healthcare crisis this spring, the American workforce went from 70% of professionals working remotely at least one day a week to remote work dominating the corporate workforce every day. In fact, according to a recent Gallup poll, 60% of U.S. workers don’t want to return to the office.

And while health concerns are still relevant, most workers are enjoying working from home by saving time and resources on their commutes, taking more control over their workday, and having the ability to isolate and focus on those heads-down projects. For many workers, this shift could be permanent. Both Google and Amazon have asked their employees not to return to work onsite until October.

And in the meantime, teams are talking, meeting and collaborating every day. Zoom has become a verb—no longer reserved for business professionals, with more users Zooming their way to yoga class, support meetings, religious services, and virtual happy hours.

Zoom has even been temporarily approved for telehealth appointments—so patients can safely and comfortably talk face-to-face with doctors from home.

And while Zoom is widely accessible and free for those quick 45-minute calls, there’s just one problem—security. Read on to learn what to consider when using Zoom calls for your company communications:

1. Zoom bombing is now a thing.


That’s right, “Zoom bombing” is a new cybersecurity risk impacting users everywhere since the COVID-19 pandemic drove the platform’s users to new records. So, what is this new form of attack? Hackers are randomly crashing meetings, from casual meetups to sensitive government calls.

This spring, uninvited strangers ironically crashed a Zoom meeting on cyberattacks. When the presenter started covering coronavirus disinformation posted to Reddit, Facebook, and Twitter, a Zoom bomber scribbled all over the screen—bringing the meeting to an abrupt ending.

The attacks are so widespread that the FBI is investigating them. And they’re causing additional disruption for businesses in every industry. Just take it from Kara Goldin, Hint’s CEO, who was recording a podcast when a random hacker dropped in.

2. There’s a UNC path injection wreaking havoc on Zoom for Windows.


Zoom video conferencing software for Windows is open to a classic ‘UNC path injection’ vulnerability. This vulnerability enables remote attackers to steal your Windows login credentials and even execute system commands.

Why? Zoom for Windows supports remote UNC paths, converting URIs that might not be secure into clickable hyperlinks when they are sent to a recipient in a personal or group chat.

3. Windows credentials and systems are being compromised—remotely.


According to TheHackerNews.com, the FBI is actively responding to cases of Windows credentials and Windows systems being remotely compromised via Zoom meetings.

To hijack your Windows login credentials, all a hacker needs to do is send a crafted URL (e.g., \\x.x.x.x\abc_file) in Zoom’s chat interface. When you click, the hacker uses the SMB share to steal authentication data from Windows without you ever knowing.

And according to Google, your Windows system is at risk too. The same flaw can be unleashed to launch any program on your computer or even execute commands to compromise your system and meeting.
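
A defensive check for the UNC links described above, as an added example (not Zoom's code and not from this article): it finds `\\host\share` paths in chat text and replaces links to remote, non-allowlisted hosts with inert text. It goes slightly beyond the page by also covering the equivalent `file://host/share` form; the function names, the allowlist and the sample messages are assumptions constructed for illustration.

```python
import re

# UNC path (\\host\share\...) or its file://host/share/... equivalent.
UNC_RE = re.compile(
    r"""(?P<raw>
        (?:\\\\|file://)              # leading \\ or file://
        (?P<host>[A-Za-z0-9._\-]+)    # server name or IP address
        [\\/]
        (?P<path>[^\s"'<>|]+)         # share name and remaining path
    )""",
    re.VERBOSE | re.IGNORECASE,
)

# Hosts that never leave the machine: loopback and the \\.\ device namespace.
LOCAL_HOSTS = {"localhost", "127.0.0.1", "."}


def find_unc_paths(message):
    """Return (raw_text, host) for every UNC-style path in a chat message."""
    return [(m.group("raw"), m.group("host").lower())
            for m in UNC_RE.finditer(message)]


def neutralize(message, allowed_hosts=frozenset()):
    """Replace UNC paths to remote, non-allowlisted hosts with inert text."""
    def _sub(m):
        host = m.group("host").lower()
        if host in LOCAL_HOSTS or host in allowed_hosts:
            return m.group("raw")  # leave trusted or local paths untouched
        return "[blocked UNC path to %s]" % host
    return UNC_RE.sub(_sub, message)


if __name__ == "__main__":
    # Constructed sample chat messages (hypothetical hosts).
    samples = [
        r"Agenda is at \\x.x.x.x\abc_file",
        "Notes: file://192.0.2.10/share/notes.txt",
        r"Template: \\filesrv01\public\template.docx",
        "Recording: https://example.com/rec/123",
    ]
    for msg in samples:
        print(neutralize(msg, allowed_hosts={"filesrv01"}))
```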

This is even scarier if you work for a bank, healthcare organization, or any business dealing with sensitive, protected consumer information. While Zoom is racing to address security vulnerabilities, there are already other more secure platforms that are just as user friendly.

Secure your chats and your data.

Having the right unified communications platform can increase collaboration and employee and customer engagement and satisfaction—without ever compromising security.

Stay connected and secure.

Let’s talk

Our collaboration experts have deep knowledge of PCI and HIPAA compliant video conferencing solutions for powerful and secure face-to-face interactions. Contact us to find the right technology for your organization.
