With many of us making a hurried move to working from home due to the current Covid19 situation, social media has been flooded with people proudly posing on Zoom calls or showing off their new home office set-up. But what data risks do those pictures pose and what can you do to mitigate them?
As cyber security experts it’s unlikely you see a picture of our desks on LinkedIn, but as the trend for showing off how well you are working at home shows no signs of abating, here’s what we recommend you look out for in particular.
The risks of taking pictures at your desk - passwords
Is your wifi password stuck on your monitor or laptop? Do you keep the handy little card supplied with your router by your desk for ease of sharing with guests? Make sure it’s not in the picture or you risk exposing your home network to hacking.
And while we’re talking about home networks and hacking, best practise for working from home and keeping your data secure would require a separate network for your work laptop or PC to connect to. As this is largely impractical we recommend using a Virtual Private Network (a VPN) so that your data is kept on a separate, more secure network. It’s inexpensive, easy to set up and requires no advanced IT ability, but it will help keep your data secure.
What’s on your screen?
Open files, emails in your inbox or other things pinned to your desktop can all be visible when you take a quick snap of your desk.
The cameras in the current generation of smart phones allow a serious amount of zooming in without losing quality, so anything that’s open on your laptop or PC becomes readable if you try, even though it looks small on your original picture. The same goes for family photos in the background, passwords or account details written on post-its on your desk, business cards or other information that you could have lying around.
In particular, apps that you use could have backdoors within them that hackers are aware of. Seeing them on your desktop could open you up to a targeted attack using known security flaws.
Another risk is showing the ID of the Zoom call you were on – you’ll find it in the top left-hand corner. If your meeting is a recurring one the ID will stay the same and as Zoom bombing is an increasing risk, letting others know your meeting IDs isn’t the best idea.
Zoom bombing
Say what?! Yep, Zoom bombing is the new name for people dropping into your Zoom calls uninvited. It tends to happen when the call ID has been publicised, often within an event listing as so many people are trying to switch their in-person business models to online.
The result is someone taking over your Zoom call, potentially putting pornographic or other offensive material on the screen – even if you’ve turned off the option for others to screenshare – and malicious links being shared in the chat function which allow hackers to browse people’s systems while they pay attention to your training/meeting.
This kind of tactic tends to be more of a risk when there are many people on a call, not just a few colleagues who know one another, and Zoom has quickly rolled out some security changes to try to mitigate concerns. These include passwords now being required to join calls and a waiting room where people have to stay until the call host invites them into the call. These features were already available but have now been enabled as standard.
Zoom was designed as a consumer, not business, platform first and foremost, so ease of use is at its heart. Platforms designed this way tend to have to run to catch up on security issues, so consider using other options such as Microsoft Teams if you need a more secure environment.
Potential consequences of losing data by posting desk pictures
The risks you’re opening yourself up to range from having your data stolen up to allowing your clients’ data to be stolen – and the resulting issue of having to report this to the Information Commissioner’s Office, the embarrassment of letting your clients know and potentially facing a fine.
Your system could be hacked and used as a backdoor to get into your clients’ systems, or your data could be used to hold you to ransom.
Any of the potential consequences of losing data by posting a picture of your desk online could lead to a serious amount of costs being incurred to set things right. So the next time you want to show off your swish new desk/laptop/latest Zoom call, make sure you clear up the surrounding area to get rid of any risks – or better still, don’t post the picture!
Got a cyber security question? Get in touch and we’ll get back to you ASAP.