The Inherent Risk To Using Unsecure Chat Software

by | Apr 27, 2020 | Insights

The Inherent Risk To Using Unsecure Chat Software

With the outbreak of the Corona crisis, more and more people are opting to use various chat softwares for their business needs. As the days of quarantine continue, issues of whether these softwares are really secure have arised. People are holding “virtual” team meetings, school classes, fitness training, meditation and stress training sessions, meetings with professionals, and of course, conversations with relatives and loved ones. Popular apps for such sessions include Zoom, Slack, Skype, Viber, Google Hangouts and so on.

Surprisingly, and completely opposite to the amount of downloads these softwares get, few people read the software’s terms of use in depth, and even less people (less than 5%) enter the system’s settings to adjust and toggle the software to their needs. It’s important to note that these programs are not new! In the years that these softwares have existed, we’ve witnessed changes in both their privacy policies and information use settings. Accordingly, caution is required in using them.

I’m appealing to you now, dear readers, with a heart-to-heart, have you read the software terms of use before downloading the communication platform? Have you adjusted the software’s system settings to your needs? If the answer is no, I strongly encourage you to continue reading this article.

Browse And Adjust User Settings

Let’s begin. As you have not yet read the Terms of Use, examined the use of the information and privacy terms or adjusted the settings of the software to your needs (business and private) –now is the time to do so. So how do you do it? And why is it so important to be paying attention to these things?

You must enter the settings menu (see for example the setting menu in Zoom and in Teams) and browse it thoroughly. Browsing the menu reveals dozens of setting options; from simply display and screen settings to advanced settings for information sharing and group management. Needless to say, this array of information can create confusion and deter you from making a change. Therefore, I recommend that you focus on adjusting the following:

  • Information security, including service passwords.

  • The use and retention of your information, including the recording of calls and the use of the microphone/camera.

  • Call and software management, including video use, file sharing and access to information.

  • Participant capabilities, including the ability to manage calls, join calls, screenshare, and share various information.

  • Managing the information that is revealed about you, including the ability to see what I was doing during the conversation and whether I was attentive.

edobar zoom

Getting to know the participants in your conversations

Firstly, be careful (more importantly, when it comes to your children), to join the conversations of participants you are familiar with.

Secondly, when we initiate calls, we recommend not only sending a call with a call link, but also adjusting your software setting so that a password is required for joining. In some programs (such as Zoom), you can even enlarge and create a virtual “waiting room”, which participants can enter before the call can be approved or rejected by the host.

Getting to know the participants in your conversations

Managing participants and their capabilities

It’s advisable to define who gets what permission for which software element, including the use of the microphone, the camera, for screen/file sharing and of course for recording. In some softwares, you’re able to disable the option of “Joining A Call Before the Host”. You’re also able to disable the file sharing option and even set rules for sharing (for ex. Read-only access). As for the ability to record the call, it’s important to note that even if you have disabled this option within the system itself, the call can still be recorded using third party softwares. Accordingly, this should be taken into account both when it comes to sharing personal and sensitive information, as well as for the dissemination of such information thereafter.

Information Security

Let’s start with the obvious; information security risks. Recently, a number of articles have been written on how security weaknesses allow people who have not been invited to join a video call, listen to them and even access files that are transferred in the call. Although this specific security issue has allegedly been fixed, it is surely only a matter of time before hackers and other parties find other ways to do so. There’s just no way to ensure such hacking never happens–but there are certainly ways to minimize/reduce the risks. The key to preventing your security from being compromised is a trinity of methods;

  1. Keep track of software updates
  2. Be sure to use the latest version of the software which includes information security updates
  3. Be mindful that there may be those who listen and/or can access the transmitted information within your call. Take this into account when part taking in conversations that are sensitive and/or share personal information.

Software Misuse

The more popular the software is, the more “hostile” people will try to abuse it. Among other things, the same factors invite many participants who may share and upload content that is violent or lude. One example of this is the process of Zoom Bombing (link).

So how do you avoid the risks associated with chat softwares? Keep all of the above mentioned rules in mind and make sure to join in on calls with familiar participants and a clear agenda. As far as children are concerned, we recommend informing them of the risks so that they remain well aware–and check up on them occasionally to ensure the software is not being misused.

In Conclusion

Certainly the various tools available to us have many advantages that allow us to maintain a “routine” during these troubled days. However, it is imperative that we understand these tools also have certain dangers in them–dangers we should be alerted of so that we can try to minimize their impact on us as much as possible.

The writer, Adv. Ido Bar-Gil, is the head of Legal operations at LawFlex