Use of virtual meetings spark cybersecurity risks

Shane Landon Olson, Editor-in-Chief

While COVID-19 has caused a global health crisis, Rachel Wilson, managing director and head of cybersecurity for Morgan Stanley Wealth Management, believes the virus’s effects extend beyond the medical field.

“It’s also generated what I’m increasingly calling ‘a cybercrime pandemic,’” said Wilson in a video conference. “We’ve seen a 40 percent increase in attempted cyberattacks over [March and April].” 

Prior to her position at Morgan Stanley, Wilson said she ran the Cyber Exploitation Operations Mission for the National Security Agency, also known as NSA, where she hacked into the networks of adversaries and stole their secrets.

Wilson believes the adjustment to virtual meetings is making people more vulnerable, she said.

Picture this: a random person joins your virtual meeting and begins displaying inappropriate content, ranging from adult movies to explicit comments.

According to Wilson, this is known as “Zoombombing,” a major cybersecurity risk for virtual meeting platforms.

“An unauthorized party joins your meeting, and they have one of two purposes when they join,” said Wilson. “Maybe their purpose is to join the meeting to listen to the conversation and steal that information, so they’re essentially eavesdropping on your meeting.

“The other reason is that they’ll join and they’ll show really inappropriate content, and they’ll disrupt the meeting.”

Another cybersecurity risk is malware infection, Wilson said.

“These virtual meeting platforms can be used as a vector for infection if someone sends you an infected document,” said Wilson. “Or, through the messaging channels, they could send you a link that took you to a website that would serve up malware.”

In a video conference, Nate Warfield, senior security program manager at Microsoft Corporation, said although our home networks are fairly secure, we should be concerned about the risks. 

“The home network is becoming more of a valuable target than it was because a lot of the work has moved away from corporate offices and schools to the homes,” Warfield said.

According to Wilson, if a user is not taking the right protective measures, the probability of a cybersecurity breach is highly likely. The first thing Wilson recommends is to password-protect meetings.

“[Make] sure that you don’t allow any unauthorized party to enter your meeting, you’re only having the people you invited,” said Wilson. “And, that’s why these programs allow you to set up a password with the meeting. So, if you set up a virtual meeting and you send all the participants the password, then only the people you invited can join.”

According to Warfield, his team’s job is to build and release security patches, which are updates to software that correct vulnerabilities. Warfield believes another way users can stay protected is by installing those patches as soon as they are released.

“The biggest thing that we see is that little pop-up that says, ‘hey, you need to install some updates,’ and people click ‘not now.’

“Hands down, the most important thing I can say is make sure you install those updates,” Warfield said.

According to Wilson, another precaution users can take is a standard cybersecurity practice to avoid malware infection.

“Don’t open any attachments from unsolicited sources,” said Wilson. “Don’t click on links. Don’t go to random parts of the internet. You want to treat that Zoom meeting, that virtual meeting, the same way you would treat an email, and just avoid clicking on anything or opening anything.”

In spite of these risks, Wilson said she believes the benefits of virtual meetings outweigh their disadvantages.

“There are risks in anything we do, and I don’t think the risks around virtual meetings should preclude us from having them.”