As the COVID-19 outbreak continues to disrupt business worldwide, with more than 50% of the global population now living under some kind of government lockdown, this has triggered many organizations to shift their business process and force employees to work from home.
Since millions of employees and students are now forced to work remotely, there has been a rise in the usage of video conferencing apps and exposing these users to cyber-criminals. Cybercriminals are targeting these users who are using collaborating apps to stay connected with each other during the COVID-19 pandemic and causing data privacy, safety, and security concerns as cyber-criminals are zoombombing the meetings.
What kind of data, privacy, and security concerns are at stake?
Zoom has confirmed in its blog post that it’s meeting were not end-to-end encrypted and with millions working and learning remotely due to COVID-19 challenges, there is an explosion of remote endpoints running zoom and these remote end point are accessing organization’s critical assets and data causing more and more cyberattacks and exploit the exposures in collaborations tools and these vulnerabilities can let hackers steal users windows credentials.
Not only has Zoom confirmed that it’s not end point secured but it was also leaking the data to Facebook of its users about IP address, advertising ID, mobile carrier, device model, time zone of its iOS app users before the recent fix and facing a lawsuit for the same.
How organizations and data privacy teams can mitigate these data theft risks?
In Increasing security, privacy and data concerns on collaboration tools we have to take some serious steps:
- IT or data security teams adhere to strict risk management and compliance requirements associated with these collaboration apps. Thorough research and due diligence for data security specifics, including the need for end-to-end message and data transport encryption, must be done before implementing it to the wider organization because every user in the organization is not aware of the data privacy or security lapses in these apps.
- The use of an organization authorized VPN should be mandatory for remote workers so they can stay connected to the organization internal network as this will prevents attacks from remote locations.
- Employees should audit their home environment network for vulnerabilities before allowing work devices to be connected to home networks.
- The organization should educate the employees on how to use the platform securely, developing step by step instructions for using the collaboration apps for any meeting.
As a result of lockdowns, we have seen an increase in the usage of the collaboration or video conferencing tools, and it is just a small step towards the long process of digital transformation. This crisis has made businesses realize that they need to speed up their pace of digital transformation journey. Every person and organization big or small must adapt to these changes and evolve. Smaller firms must digitize themselves by downstreaming their operations and going online; with the increased usage of digital technologies such as on-demand food services, virtual events and e-commerce will increase the pace for the digital transformation.
As consumers become more dependent on technology, the potential for cybercrime will grow also. There is a growing belief amongst the users of these technologies that organizations should play a pivotal role in ensuring cybersecurity. Hence the role of the data and privacy teams becomes very critical as it’s their responsibility that only ethical data is collected and processed. Any mishandling of data, data breach or hack increases risk operationally and for the brand reputation overall.