Since the onset of the COVID-19 pandemic, cybersecurity has become personal in ways it hasn’t before.
There are more of us online more often — exposing our families and businesses to more risks because we are interacting with technology more than ever.
The National Center for Missing and Exploited Children, which includes tips received from Washington, D.C., received more than double the number of tips it normally does in May of 2020. Cybercrime related activity is up nearly 1,000 percent so far this year.
We need to protect ourselves and our kids, and the reality is there isn’t a difference between protecting your home and protecting your workplace any more.
This paradigm shift to work-home-technology has introduced us all to Zoom. It’s now a household name and the most popular service to support businesses shifting en masse to a virtual workplace.
I’ve often been asked about whether Zoom is “secure” or not. I think this is the wrong question. Instead, we ought to be asking whether “we” are secure or not.
To protect ourselves, we need to change our habits when it comes to using technology. In my book, “Well Aware: Master the Nine Cybersecurity Habits to Protect Your Future,” I argue that there are nine practices we need to master to protect ourselves no matter how technology changes or evolves in the future.
The habits are literacy, skepticism, vigilance, secrecy, culture, diligence, community, mirroring and deception.
Whether or not Zoom is “secure” depends in large part on whether you exercise healthy cybersecurity habits. Several of the nine cybersecurity habits play a role for Zoom, but I’ll focus on just a couple below:
Skepticism, Secrecy, and Diligence
— I start out with a skeptical mindset when it comes to technology. Software can be easily compromised, which is why we should all keep a physical shutter over your webcam that can be closed when not in use. I think this should be a standard feature for all web cameras moving forward, but you can also buy plastic covers that attach with adhesive. This will ensure that even if your computer is hacked, they still won’t be able to see inside. I would go further and shut down Zoom or other applications when not using them in case they can be remotely activated.
— Skepticism also extends to when I’m using Zoom or any other web conferencing system. You should make sure you know whether you’re being recorded. Zoom has a red “recording” symbol to alert you to when this is happening, but others can have screen capture software or be recording what’s on the screen with their phone. Recordings of conference calls regularly show up online when users didn’t expect it, so be aware of what you’re sharing.
— When it comes to secrecy, you should first start with your personal Zoom details. Don’t share meeting or virtual classroom links via public channels
— Don’t use your Personal Meeting ID (PMI) to host public meetings. But also, be aware of what is on your screen when sharing your desktop. Other applications could reveal what websites you are browsing or other notes you may have been writing.
— When sharing your screen, only share the application you want to share, not the whole desktop.
— Also, is there a whiteboard or other information about you that is viewable behind you in the background? In the 2020 NFL draft, Coach John Gruden appeared to have his draft strategy written on a whiteboard that was visible during the first night of the draft. This was publicly visible via Zoom and of course, on ESPN.
Beware The Zoom Bombing
I think one of the most challenging parts of cybersecurity is knowing what to do after something bad happens. In the case of Zoom, lots of people have experienced what is known as “Zoom Bombing” — when an uninvited individual party crashes your meeting.
In some cases, the zoom bomber will share their screens to display offensive content or will blast loud music or other sounds to disrupt your meeting or class.
Following some of the tips we’ve talked about can help you prevent a zoom bomb, but what do you do after one happens? This is where the diligence habit comes in — and that means you should have a plan if you are victimized by a zoom bombing. Stay calm.
Don’t engage with the zoom bomber (which is what they want). Instead, every meeting organizers needs to be ready to send a new meeting invite to the participants with a different password. You can later go back and attempt to find out how the meeting information was leaked, usually via a screenshot that ended up on social media.
What’s at stake? 60 percent of small businesses go out of business after a security breach —that’s the same order of magnitude as a tornado or a fire.
We’ve worked hard to build our careers, and we can protect ourselves and our communities with better habits. We know that for the last several years, CEOs have said one of their top concerns has been cybersecurity.
We know that the CEOs and vice presidents of the future will need to understand cybersecurity.