Recently, video-conferencing service Zoom faced its share of cybersecurity challenges. How can your enterprise avoid the same challenges in its cybersecurity?
In the wake of the coronavirus, Zoom experienced a massive boost in use and popularity. In fact, Zoom reported 2.22 million new monthly users in 2020 (so far). However, a boost in popularity also means a rise in scrutiny; Zoom’s cybersecurity policies have not met the expectations of its customer base, leading to some negative press.
Let’s take a look at Zoom’s cybersecurity challenges and show what your enterprise can learn from them.
Zoom’s Cybersecurity Challenges as a Case Study
1. Be Ready to Scale the Environment
Part of the Zoom’s troubles actually stems from their success (success, as always, often proves a double-edged sword digitally). Their user base and thus their IT infrastructure grew rapidly and unexpectedly due to unforeseen circumstances. Looking from the outside, it seems Zoom wasn’t ready for that influx and the challenges it could bring.
Your own cybersecurity and endpoint security must ready itself for unexpected surges and growths as well as predicted growth. In your own case, that probably means new endpoint devices connecting to your network. You need an endpoint security solution that can fortify hundreds or thousands of devices as needed.
2. Use Full End-to-End Encryption
Zoom’s cybersecurity challenges also involved the encryption of the video conferences using its services. Zoom advertised full end-to-end encryption for all of its video meetings.; this kind of encryption would ensure that neither external actors nor Zoom could access the content of the video meetings or intercept them.
Granted, Zoom vocally apologized for its misleading statements and currently works to fix the problem. This is a lesson in and of itself; if you make a mistake in your cybersecurity, denial doesn’t help you. Second, you need to ensure you have complete encryption in your endpoint security remote communications.
For example, you may employ a VPN to help prevent external actors from intercepting or otherwise interfering with secure communications. Virtual Private Networks (VPNs) allow your employees to avoid the problems inherent to public Wi-Fi. Additionally, next-generation endpoint security provides Data Loss Prevention (DLP). This critical capability prevents sensitive data from leaving your enterprise’s network without explicit permission; furthermore, it prevents employees from storing this sensitive data in unapproved databases like the cloud.
Yet your enterprise needs to consider the fact that Zoom itself violated its advertised cybersecurity policies. Businesses need to consider what applications they use in their everyday workflows and whether they can fully trust those applications. Endpoint security can enforce application security, which helps prevent data collection and transfer by applications except in secure contexts.
3. Malicious Interference in Windows
Another of the Zoom cybersecurity challenges involves straight-up interference with the video conferences. The Windows version of Zoom proves susceptible to attackers sending malicious links in the chat interfaces or gaining email passwords. Also, some enterprises report “Zoom-bombing” in which perpetrators infiltrate a meeting and display explicit or disturbing content.
In this case, your organization needs to make sure its own endpoint security solution can operate on as many (if not all) operating systems. After all, your business with a bring-your-own-devices culture could see diverse operating systems and devices. If your solution can’t protect all of them with consistent cybersecurity, then it leaves you vulnerable.
Remember, hackers will find any vulnerability in your digital perimeter eventually. Every business of every size may end up a target. You need cybersecurity regardless of its size.
The Zoom Cybersecurity Challenges continue to unfold. However, we hope this inspires your business to take its own security seriously. To learn more, check out our Buyer’s Guide.
- Best Books for Defending the Digital Perimeter - September 14, 2021
- Apple Vulnerability Places All of Apple iOS at Risk - September 14, 2021
- CrowdStrike Releases 2021 Threat Hunting Report from Falcon OverWatch - September 13, 2021