video conferencing person writing on notebook remote working

Are your video conferences password protected?

Video conferencing is booming, but are you taking appropriate measure to secure your data?

You may have missed it, but May 7 marked World Password Day. The first World Password Day was in 2013, having been established by Intel, and it is designed to – you guessed it – raise awareness of cybersecurity hygiene. 

Given that thanks to COVID-19 vast swaths of people are currently home-working – toggling between personal and business devices and applications, and cybercriminals are setting increasingly sophisticated traps to steal data – it is a timely reminder of the critical need to shore up cyber defences, to secure our work and private lives.

Alarming statistics lay bare the need to tighten up password security and reveal worryingly lax attitudes. Consider in 2019 it is estimated that cyberattacks cost $2 trillion in 2019, and almost 4 in 10 (38 per cent) of us never update our passwords, a new Specops Software survey shows. In November, DataProt research found that the password “123456” is adopted by some 23 million email account holders, and that over half of us (51 per cent) use the same passwords for both work and personal accounts.

There are numerous ways to check if your email address has been breached – for instance, www.haveibeenpwned.com is a free tool that shows you all the details (how and when) in seconds. A large majority of people have neglected to check whether they have been hacked, possibly because they are scared of what they might discover. 

 IMPROVING CYBER HYGIENE

Some 64 per cent of Americans, who spend three hours on their smartphone a day on average, have never found out whether they have been affected by a data breach, according to Varonis. It’s not just individuals that are slack when it comes to password security, though. The same organisation has calculated that 61 per cent of companies have over 500 accounts with non-expiring passwords. 

Thankfully, in 2020 there are several quick fixes for those who are either too lazy or ignorant about the dangers to change their passwords regularly. A trusted password manager – such as LastPass or 1Password – will create and store strong, lengthy passwords for users, and both have free versions. Additionally, browsers like Google’s Chrome and Mozilla’s Firefox come with password managers, though a dedicated application like the aforementioned might be a safer bet.

Not everyone is comfortable with password managers, however. Those people are urged to use longer, unrecycled passwords. And ones that are at least eight characters in length and are effectively gobbledegook, made up of seemingly random numbers, letters, and other characters.

The focus on passwords is doubly important in the coronavirus pandemic, with the surge of hacking activity. And just when you thought that video conferencing was reasonably safe comes the news, from The Times, that cybercriminals have put more than 500,000 Zoom logins up for sale on the dark web at one penny each.

Zoom has been one of the few standout business successes since the COVID-19 outbreak. Indeed, insights tracker Sensor Tower showed the Zoom app was installed 131 million times in April on mobile devices – more than any other app in the world. TikTok was a distant second, while other video conferencing apps Google Meet and Microsoft teams were third and fourth, respectively. 

EXPERT ADVICE

The National Cyber Security Centre has advised that passwords and links to them should always protect virtual meetings. Further, they must not be shared publicly, and only the person hosting the call should be able to share their screen with everyone joining.

Offering advice to business leaders, Grant McCormick, Chief Intelligence Officer at cybersecurity management platform Exabeam, says: “For the vast majority of organisations, the most important things to consider are their own policies and implementation details for any video conferencing tool. These will address the broadest collection of high-risk areas, for example, single sign-on (SSO) and user password policies, meeting password policies, patching operations, and so on.

“Bottom line: consumers should be most focused on using passwords with all video conference meetings, keeping the entire endpoint current with software updates, and maintaining general security awareness on all devices and in the home. These measures are much more likely to have an impact on the overall security experience.”

He adds: “In addition to being mindful of video conferencing security during this remote work period, companies should also evaluate and update their network security capabilities to better protect their distributed employees and company data. Many factors, including people having a false sense of (cyber)security in their own homes, could lead to an increase in malware and phishing incidents and even data exfiltration or privacy violations. A security stack that includes behavioural analytics, data loss prevention and identity and access management (IAM) is a strong start to better protecting company information across your employees’ individual networks.” 

You have been warned. Hopefully come the next World Password Day, on May 6, 2021, more people will have bolstered their cybersecurity and boosted cyber hygiene.