Zoom-Bombing and Cyber-Hacking: Here’s How to Protect Yourself
Your hands aren’t the only thing you need to keep clean during the coronavirus pandemic. By Elizabeth Nelson
When the coronavirus (COVID-19) first began its rampage across our world, one of the first things to happen was that people suddenly became hyper-aware of their personal hygiene. “Wash your hands!” is the rallying cry of this pandemic, as we all strive to avoid becoming sick or unwittingly spreading the virus.
But now that many of us are working, teaching, and attending classes from home, another kind of hygiene has become extremely important as well: cyber hygiene. Following best practices to keep our home computers up-to-date and secure will ensure that we’re able to continue with our work and educational obligations for the duration of the stay-at-home order.
Touro Graduate School of Technology professors and cybersecurity experts Behrooz Khorsandi and Yosef Lehrman are on the front lines when it comes to the technical side of this crisis; we spoke to them about how we can protect ourselves from becoming victims of cyber-hacking, Zoom-bombing, and other online hazards.
Controlling access
“Someone was presenting his PhD thesis a couple of weeks ago on Zoom, and apparently a ‘Zoom bomb’ was issued, which caused his session to be compromised,” says Khorsandi. “It was a very embarrassing moment for this individual, in front of his professors and other faculty members,” said Khorsandi.
One way to keep your Zoom meetings secure, says Lehrman, is to make sure you never post the link in a public forum. “Anyone who has the link can access the conference,” he explains. “Obviously, this poses a problem.” He recommends posting meeting links only in controlled environments, as opposed to social media feeds or public web pages.
Another thing people can do is make their Zoom meetings password-protected. “This is a mechanism to control who has access to the online forum,” says Lehrman. Guests are sent to a Zoom “waiting room” until the host lets them into the meeting (or classroom). Once in the meeting, guests should not be allowed to share their screens. “Screen-sharing should be limited to the host or instructor,” says Lehrman.
Putting a policy in place
Khorsandi and Lehrman emphasize that there will always be a trade-off when it comes to security and user-friendliness. “How easy do you want to make it for students or employees to access meetings and material, in light of the possible implications of compromise?” asks Khorsandi. “If it’s too difficult for the users, they’ll figure out a way around security restrictions.”
The answer to the accessibility/security conundrum, Khorsandi and Lehrman believe, lies in having a solid telework or distance learning policy in place. “I would make the policy number one, before anything else can be done,'' says Khorsandi. “Employees, instructors, and students need to know the agreed-upon policy by the organization or institution.” He suggests an email or short training session to go over the policy and make sure people understand the importance of information security. “The key idea is communication in regards to policies—what's permitted and what's not.”
