COVID-19 reveals passwords as weak link in video conferencing

James Stickland, CEO of authentication platform, Veridium, examines the security risks posed by video conferencing tools such as Zoom and considers what steps must be taken to make them more secure.

Business tool Zoom has seen a 20 fold increase in users recently, as COVID-19 forces millions to work from home. However, reported problems with privacy and security have sparked concern about using video conferencing tools amongst governments and businesses worldwide.

The app’s unprecedented surge in popularity inevitably attracted the attention of malicious actors, and exposed unforeseen weaknesses. So called “Zoom bombings” in which hackers enter chat rooms persist, and cybercriminals are targeting user passwords.The company has also faced a string of privacy concerns after user data was being sent to third parties and used for targeted advertising.

Online conferencing tools’ compliance with global privacy regulations, such as Europe’s General Data Protection Regulation (GDPR) or California’s Consumer Privacy Act (CCPA) – which mandates disclosure on data collection, third party access and breaches – has now come under intense scrutiny.

James Stickland, CEO of authentication platform, Veridium, says that companies using video conferencing tools now face the real risk of breaking data privacy laws, and warns that enforcing passwords greatly increases the risk of cyber-attacks.

He comments: “The COVID-19 crisis has forced a number of firms into taking dangerous shortcuts on security, as well as falling foul of regulations such as GDPR – placing them at greater risk of fines and data breaches. This is an inevitable consequence of companies who have been pressured into adopting technology in order to stay afloat, without conducting the usual rigorous assessments.”

Mr Stickland says businesses should be transparent about who has access to sensitive, personal employee and client data on video conferences, especially when using screen sharing or recording tools.

He explains: “This is imperative considering the escalation of cybercrime, in which funded attacks on passwords worldwide have risen 667 per cent. This situation demonstrates that businesses cannot rest on their laurels, waiting for the next data breach – but always plan for the worst case scenario.

Mr Stickland suggests that the security features of video conferencing tools should be enhanced so that passwords are no longer required and biometric authentication used instead.

He says: “Video conferencing tools must take accountability and change how they handle data, which is the perfect opportunity to enhance outdated, password-based security systems. Easily compromised passwords, which are susceptible to phishing and malware attacks, are responsible for over 80 per cent of all data breaches. Transitioning to a passwordless approach through biometric authentication will not only enhance security and streamline the user experience, but also alleviate the challenges posed by data privacy regulations – such as providing proof of identity for legal non-repudiation and a record of every access attempt. Mobile based biometric authentication, which leverages widespread smartphone adoption, can help facilitate safe home working at this critical time without sacrificing the platform’s much loved seamless user experience.

It is critical users know how and where their data is being stored, which can be increasingly unclear. The right mobile multi factor authentication solution will minimise the risk of exposing personal data to the wrong parties, improve the traceability of data processing, and keep costs to a minimum. Any concerns the public has over the storage of sensitive biometric data can be alleviated by techniques such as the distributed data model, which encrypts biometric data in multiple places, rendering it useless to a hacker.”

Mr Stickland believes that unless security protocols are ramped up, cyber attacks will persist, becoming increasingly more sophisticated.

He concludes: “Some video conferencing tool companies are proving to be a victim of their own success. Indeed, as with all businesses, unless they adopt a more stringent approach to security, increasingly sophisticated cyberattacks will continue to prevail.”

image © Girts Ragelis / Shutterstock.com

If you would like to join our community and read more articles like this then please click here.

The post COVID-19 reveals passwords as weak link in video conferencing appeared first on Defence Online.