Beyond Zoom and Slack, how safe is your collaboration app?

The global pandemic has brought overnight success for Zoom, whose daily users crossed 300 million from just 10 million last year. In the last few months, the share price of Zoom soared by 200% and its market valuation touched $50 billion. Zoom has become the de facto tool for millions of employees who were forced to work from home. The unprecedented demand caught the company by surprise, raising safety and privacy concerns. Zoom was bogged down by security issues, to which the company responded quickly by strengthening its end-to-end encryption, at least for the paid users.

Zoom and other apps, which were originally meant to be used by the workforce within the company security firewall, have found new users like students and family members who connect from anywhere. This has opened new security challenges for companies that are seeing a broader set of unintended users for whom the product was not originally conceived.

But Zoom is not the only app that is facing security issues. Slack users have been facing issues with authentication protocols when integrating third-party tools. Besides, due to their large user bases, mainstream apps like Slack and Zoom have become prime targets of hackers. Today, none of the applications are beyond the reach of seasoned cybercriminals, who prey on the security vulnerabilities.

Whether you are using an audio/video tool or any other application, here is a security checklist that will keep you safe.

1) Make sure that the application that you have subscribed to provides a strong encryption model to protect the data. Employees should be able to access the application only from a secure network through a registered email id and password.

2) The application must support a multi-layered authentication system. Each employee should have access only to the information they strictly need and nothing more.

3) Any application that you use should meet one or more compliance requirements such as SOC 1/SSAE 16/ISAE 3402 (formerly SAS 70 Type II), SOC2, SOC3, FISMA, DIACAP, FedRAMP, PCI DSS Level 1, ISO 27001 and Cloud Security Alliance.

4) Your cloud service provider should have built-in security features to protect your data against viruses, spyware, adware & other malicious software.

5) Make sure that your application has a cloud-to-cloud backup to enable data stored in one cloud to be backed up to another cloud — providing an additional layer of protection.

6) When a user deletes his/her account, all the information should get deleted fully. There should not be any scope for data leakage.

8) Wherever it is possible, it would make sense to subscribe to a single platform to get all your work done, rather than depending on too many apps. Integrating too many third-party tools will come with its own set of security challenges.

9) When you give owner or admin access to certain employees, make sure they are responsible for the safety of user accounts, chat transcripts, and files that are being shared.

10) Be careful about sharing cloud files publicly with the “anyone with the link can edit” setting, especially when you interact frequently with outside stakeholders.

In addition, please ensure that you and your team follow these safety precautions before conducting or attending audio/video calls:

  • Make sure you download the apps from the publisher's site directly and not by clicking any link passed on by others. There are a lot of phishing apps with popular names doing the rounds.
  • When your colleagues register for Zoom meetings, make sure they use their official email ids only.
  • When you host meetings, make sure that only people with a password can join the meeting. This will avoid Zoom “bombings”.
  • Share meeting ids with intended participants directly. Avoid giving links on social media, channels, streams etc.
  • Make sure that the option to record meetings is strictly with the internal stakeholder who is hosting the meeting.
  • Wherever possible use web versions to join meetings. While using apps, you will have to concede too many permissions.
  • When you host meetings for a large group, make sure they are in the waiting room, before you authenticate and let them in.
  • Make sure your attendees are all registered users only. Once all are in, you can lock the room to prevent unintended users from entering your room inadvertently or intentionally.
  • If you come across any troublesome participants, you can remove them from the current session or ban them from attending future meetings.

Last but not least, since most of the applications that you deal with are SaaS-based, you must make sure that your application service provider meets all your specific business requirements when it comes to protecting the confidentiality, integrity, and availability of your data in the cloud.