With the outbreak of the Corona crisis, more and more people are opting to use various chat softwares for their business needs. As the days of quarantine continue, issues of whether these softwares are really secure have arised. People are holding “virtual” team meetings, school classes, fitness training, meditation and stress training sessions, meetings with professionals, and of course, conversations with relatives and loved ones. Popular apps for such sessions include Zoom, Slack, Skype, Viber, Google Hangouts and so on.
Browse And Adjust User Settings
You must enter the settings menu (see for example the setting menu in Zoom and in Teams) and browse it thoroughly. Browsing the menu reveals dozens of setting options; from simply display and screen settings to advanced settings for information sharing and group management. Needless to say, this array of information can create confusion and deter you from making a change. Therefore, I recommend that you focus on adjusting the following:
Information security, including service passwords.
The use and retention of your information, including the recording of calls and the use of the microphone/camera.
Call and software management, including video use, file sharing and access to information.
Participant capabilities, including the ability to manage calls, join calls, screenshare, and share various information.
Managing the information that is revealed about you, including the ability to see what I was doing during the conversation and whether I was attentive.
Getting to know the participants in your conversations
Firstly, be careful (more importantly, when it comes to your children), to join the conversations of participants you are familiar with.
Secondly, when we initiate calls, we recommend not only sending a call with a call link, but also adjusting your software setting so that a password is required for joining. In some programs (such as Zoom), you can even enlarge and create a virtual “waiting room”, which participants can enter before the call can be approved or rejected by the host.
Managing participants and their capabilities
It’s advisable to define who gets what permission for which software element, including the use of the microphone, the camera, for screen/file sharing and of course for recording. In some softwares, you’re able to disable the option of “Joining A Call Before the Host”. You’re also able to disable the file sharing option and even set rules for sharing (for ex. Read-only access). As for the ability to record the call, it’s important to note that even if you have disabled this option within the system itself, the call can still be recorded using third party softwares. Accordingly, this should be taken into account both when it comes to sharing personal and sensitive information, as well as for the dissemination of such information thereafter.
Let’s start with the obvious; information security risks. Recently, a number of articles have been written on how security weaknesses allow people who have not been invited to join a video call, listen to them and even access files that are transferred in the call. Although this specific security issue has allegedly been fixed, it is surely only a matter of time before hackers and other parties find other ways to do so. There’s just no way to ensure such hacking never happens–but there are certainly ways to minimize/reduce the risks. The key to preventing your security from being compromised is a trinity of methods;
- Keep track of software updates
- Be sure to use the latest version of the software which includes information security updates
- Be mindful that there may be those who listen and/or can access the transmitted information within your call. Take this into account when part taking in conversations that are sensitive and/or share personal information.
The more popular the software is, the more “hostile” people will try to abuse it. Among other things, the same factors invite many participants who may share and upload content that is violent or lude. One example of this is the process of Zoom Bombing (link).
So how do you avoid the risks associated with chat softwares? Keep all of the above mentioned rules in mind and make sure to join in on calls with familiar participants and a clear agenda. As far as children are concerned, we recommend informing them of the risks so that they remain well aware–and check up on them occasionally to ensure the software is not being misused.
Certainly the various tools available to us have many advantages that allow us to maintain a “routine” during these troubled days. However, it is imperative that we understand these tools also have certain dangers in them–dangers we should be alerted of so that we can try to minimize their impact on us as much as possible.
The writer, Adv. Ido Bar-Gil, is the head of Legal operations at LawFlex