Business tool Zoom has seen a 20 fold increase in users recently, as COVID-19 forces millions to work from home. However, reported problems with privacy and security have sparked concern about using video conferencing tools amongst governments and businesses worldwide.
The app’s unprecedented surge in popularity inevitably attracted the attention of malicious actors, and exposed unforeseen weaknesses. “Zoom bombings” in which hackers enter chat rooms persist, and cybercriminals are targeting user passwords.¹ The company has also faced a string of privacy concerns after user data was being sent to third parties and used for targeted advertising.²
Online conferencing tools’ compliance with global privacy regulations, such as Europe’s General Data Protection Regulation (GDPR) or California’s Consumer Privacy Act (CCPA) – which mandates disclosure on data collection, third party access and breaches – has now come under intense scrutiny. James Stickland, CEO of authentication platform Veridium, highlights that companies using video conferencing tools now face the real risk of breaking data privacy laws, and warns that enforcing passwords greatly increases the risk of cyber-attacks.
James comments: “The COVID-19 crisis has forced a number of firms into taking dangerous shortcuts on security, as well as falling foul of regulations such as GDPR – placing them at greater risk of fines and data breaches. This is an inevitable consequence of companies who have been pressured into adopting technology in order to stay afloat, without conducting the usual rigorous assessments. Businesses must be transparent about who has access to sensitive, personal employee and client data on video conferences, especially when using screen sharing or recording tools. This is imperative considering the escalation of cybercrime, in which funded attacks on passwords worldwide have risen 667 per cent.³ This situation demonstrates that businesses cannot rest on their laurels, waiting for the next data breach – but always plan for the worst case scenario.”
James continues: “Video conferencing tools must take accountability and change how they handle data, which is the perfect opportunity to enhance outdated, password-based security systems. Easily compromised passwords, which are susceptible to phishing and malware attacks, are responsible for over 80 per cent of all data breaches. Transitioning to a passwordless approach through biometric authentication will not only enhance security and streamline the user experience, but also alleviate the challenges posed by data privacy regulations – such as providing proof of identity for legal non-repudiation and a record of every access attempt. Mobile based biometric authentication, which leverages widespread smartphone adoption, can help facilitate safe home working at this critical time without sacrificing the platform’s much loved seamless user experience.”
James adds: “It is critical users know how and where their data is being stored, which can be increasingly unclear. The right mobile multi factor authentication solution will minimise the risk of exposing personal data to the wrong parties, improve the traceability of data processing, and keep costs to a minimum. Any concerns the public has over the storage of sensitive biometric data can be alleviated by techniques such as the distributed data model, which encrypts biometric data in multiple places, rendering it useless to a hacker.”
James concludes: “Some video conferencing tool companies are proving to be a victim of their own success. Indeed, as with all businesses, unless they adopt a more stringent approach to security, increasingly sophisticated cyberattacks will continue to prevail.”