Are your Zoom meetings vulnerable to data leakage?
Data protection & video conferences, part I
It is estimated that there are more than 1.5 billion people worldwide working remotely today as a result of the current pandemic.
Now that you have most, if not all, of your employees working remotely how do you minimize the risk of data breaches or inadvertent exposure of sensitive data?
Protecting the network is a good first step, and a noble endeavor, but how realistic a goal can it be when your network is comprised of consumer-grade routers spread across dozens, or hundreds, of square miles?
In order to balance the value/risk equation with any potential user disruption, protecting the network isn’t enough, you need to protect the data.
With properly protected data, your business is less reliant on VPNs and traditional Firewalls that can be ineffective and slow business down. Properly identified data can be more easily shared while improving the capacity of your DLP or CASB products. With the sensitivity of data accounted for, businesses are less at risk of falling victim to the weaknesses of home-grown infrastructure.
One such well documented weakness is everybody’s favorite video conferencing platform, Zoom.
Zoom has been delivering an easier way to communicate better with remote team members on a day-to-day basis since 2013. But the platform’s recent growth, fueled by the new work-from-home reality many of us are in, has introduced a few security risks to be aware of.
Zoom has become the conferencing app of choice for so many because it provides a near-seamless way to present slide decks, videos, and pitches, while facilitating the face-to-face communication that just isn’t possible to do in person anymore.
This simplicity, however, is a double-edged sword because it is so easy to share almost anything over its video connection. It is also far too easy to accidentally share the wrong thing.
Is the PowerPoint file you’re presenting the final, approved version or the draft with the spelling mistake on slide 10?
If you’re on a call to review the upcoming acquisition paperwork, are you sure all participants are authorized to view the materials?
Are you confident in every user’s ability to remember to stop sharing their screen before continuing to work on the corporate payroll spreadsheet?
And when you’re not worrying about how your own employees are using Zoom, there’s also a new trend called Zoom bombing, where either malicious actors or internet trolls make their way into your Zoom meeting. Their goal is often to simply disrupt your meeting and sow chaos just for the hell of it, but it wouldn’t be a stretch to imagine that someone might try to listen in on a competitor’s call to gain an advantage in uncertain times.
How Titus Classification Suite helps secure your Zoom screen sharing
It was with these accidents in mind that my colleague, and Titus Chief Architect, Ayman Wassif developed a simple policy using the custom actions available in the Titus Classification Suite.
In the videos below you can see how properly identified and classified data can be kept away from prying eyes.
Prevent capture of protected documents during a Zoom session
When you classify a Word document as “Restricted” it is automatically redacted on screen, so people attending a Public Zoom meeting cannot see it.
Prevent viewing of protected documents during a Zoom session
When you open an existing Word document that is classified as “Restricted” it is automatically redacted on screen, so people attending a Public Zoom meeting cannot see it.
In these difficult times, we can thank modern technology for being there to make working from home a realistic possibility for many of us. In several ways, the transition has been so smooth, working from home can feel just like being at the office.
But the smoothness of this transition can hide some very real security holes in your organization.
Being aware of them is only part of the battle.
In order to keep your remote work environment as secure as your office environment, you need to protect your data.