So you're here for cybersecurity tips. Great! We'll get to those in just a minute.
First, let's deal with that elephant that's just walked into the room. Yes, we specialise in VoIP phones and unified communications (UC) technology. We have done for more than 10 years now. So… if that's our wheelhouse, why are we talking about potential security issues?
The answer's simple: because we take cybersecurity seriously.
We've chosen our three VoIP/UC platforms because experience has shown they're among the most flexible, feature rich and – yes – secure systems on the market.
But one of the key tenets of cybersecurity is to never assume you're invulnerable. Cybercriminals are a wily bunch, and they're constantly looking for new ways to exploit the systems we rely on. Assuming a platform is completely secure means letting your guard down – and that's when scammers are most likely to score a direct hit.
The fact is, even the biggest platforms are vulnerable to misuse. Take the spate of so-called "Zoombombing" incidents in 2020, for instance.
Zoombombing: an unfortunate case study
Zoombombing refers to when unwanted participants enter a video call – usually on the popular video conferencing app Zoom. Once in, these interlopers show lewd, suggestive or hateful material, intending to disrupt the session in question.
You might be thinking, "don't these people have anything better to do?". To which we say: good point… but don't underestimate the all-pervading power of stupidity.
You might also wonder, "how could this be allowed to happen?". Well, the answer to that question's a little more complicated.
One of the reasons Zoombombing took off is because it was so easy to accomplish. All the tricksters had to do was search for a publicly available Zoom link – perhaps a classroom session that a well-meaning teacher had posted on Twitter.
Other platforms allow for public link sharing, of course. But Zoom dropped the ball by making these links the only pieces of information required to enter a meeting. Because there were no other safeguards in place, the floodgates were left open for these gormless gatecrashers.
To Zoom's credit, it has since responded with more than 100 security updates, including implementing end-to-end encryption for all users, and – crucially – turning on meeting passwords by default.
But the damage had already been done. In the wake of these incidents, many companies and institutions banned the use of Zoom. And, in one notable example, an Italian TV channel was made to broadcast some very questionable material as it hosted a Zoom conference, live on air.
It seems most of these attacks were simply tired attempts at "trolling". Thankfully, we haven't heard of any data breaches that occurred as a direct result of a Zoombombing incident.
But if there's one thing we can all learn, it's this: next time a breach like this happens, it might not be so… ahem… "innocent".
Five steps you can take to protect your business and your data
As we've seen, no platform is invulnerable to attacks. Here are five simple ways to protect yourself as you communicate and collaborate in the cloud:
1. DO use strong passwords
Sure, this is like "security 101". But it's the simple stuff that's most easily forgotten, so it's important that we cover it here.
You know the drill. Use strong passwords that incorporate numbers and special characters. Don't use personal or public information as part of those passwords. And change them regularly – every two weeks or so.
Now wrap that up in a password policy and make sure your staff stick to it, whether they're working from home or the office.
2. DON'T use public WiFi
As we've said before, public WiFi is like the wireless Wild West. Users should, at the very least, be accessing services via their secure home WiFi system – preferably with a company-approved VPN (virtual private network) on top.
3. DO keep mobile devices secure
As flexible working becomes ever more normalised, IT managers have to manage an increasing fleet of unsanctioned, employee-provided mobile devices. If staff are using VoIP or UC apps on these devices, then enabling end-to-end encryption is essential. You might also want to limit their use to secure WiFi networks.
4. DON'T let security standards slip
Remember: a security policy is a work in progress – you should never consider it a complete document.
Treat your VoIP/UC system as you would your business's internal network or any other piece of critical infrastructure. This means keeping software and firmware up to date and conducting regular security audits to make sure you're keeping pace with the latest developments. You might also want to consider conducting cyberattack simulations, so you can root out any vulnerabilities before they're discovered by unscrupulous types.
Education is just as important. Keep staff up to date with any changes in your security policy, and run regular training sessions to ensure that standards are adhered to.
5. DO consider adopting a "closed-loop" system
One of the biggest boons of UC platforms is that they combine several services into single, easy-to-use communications dashboards. You no longer have to use different programs for video calls, instant messaging, phone conversations and the like. So as long as you trust the UC provider, you can – in theory – trust the UC platform itself.
But you should ask yourself: "is my UC platform as 'unified' as it seems?"
Perhaps there's a custom API integration your IT team knocked together. Is that as secure as you want it to be? And what about handsets… could they be a weak link in your otherwise-secure network chain?
If this is a concern, you might want to consider a system like Wildix. As well as providing exceptional security features out of the box, Wildix only works with own-brand handsets. This means that if there's a failure in the chain, the responsibility lies with Wildix alone to get things fixed.
Useful links
Learn more about our three VoIP/UC systems: Wildix, Microsoft Teams and Cisco Webex.
Want to discuss cybersecurity? It's a very important topic, so we're always happy to help out. Please don't hesitate to get in touch [link: https://www.yoozoom.co.uk/contact] or check out our security-focused IT support packages.
(And while we're at it, why not sign up for our Knowledge Hub? You'll get useful tech tips like this delivered directly to your inbox!)
Sign up* to access our exclusive cloud transformation guides. You'll learn:
*We may contact you to let you know about what’s going on at Yoozoom. This can be anything from the latest product innovations to exclusive deals and future events. Remember, you can always opt out later.
Contact Us
Yoozoom
Unit 8
Gemini Business Park
Sheepscar Way
Leeds
LS7 3JB
Contact Us
Yoozoom
Unit 8
Gemini Business Park
Sheepscar Way
Leeds
LS7 3JB
Company Number: 07618108
VAT Number: GB11304662
Yoozoom Technologies Limited T/A Yoozoom