In this podcast we speak to Chris Carter, CEO of software company Approyo who has six top tips for cyber security while using video conferencing systems:
Since the start of the pandemic there has been a surge in remote work across companies around the globe. Executives have transitioned their staff to work remotely for an indefinite period of time. As a result video conferencing tools like Zoom, Skype, Google Meet and more have seen an increase in usage. With so much private data and visual content roaming through these platforms it’s imperative that we ensure they’re protected with the utmost security. Chris recommends companies take these proactive steps:
Electronic specifier
Hello and welcome to today's podcast brought to you by electronic specify insights since the start of the coronavirus pandemic, there has been a huge surge in the level of remote and home working in companies around the globe. executives have transitioned their staff to work remotely for an indefinite period of time, with big brands like Google, Facebook and Microsoft expecting a large percentage of their staff to remain remote until 2021. However, this does bring with it its own cyber security challenges. Today we're speaking to Chris Carter, CEO of software company, a pro who has six top tips for cybersecurity whilst using video conferencing systems. Chris Hello, and welcome. Can you kick us off by giving our listeners a bit of background about yourself and your expertise? And perhaps a brief overview of current business landscape in relation to the growth in video conferencing over the coronavirus lockdown period?
Absolutely, Joe, and thank you, it's great to be with you. So a little bit about myself. I've been very fortunate. I've been in the ecosystem of technology, almost all of my career, which spans now I'm just hit the Golden 50. So happy with that. But, you know, you've I've seen such a massive change over the last shoot even five years. But from the last several years with conference systems, the zooms the teams, the Google meats and all those types of aspects that our company was founded back in 2015, wrapped around security for SAP environments to be able to support organisations and large organisations to small with SAP activities, be it in the cloud or in a data centre. So app royal was born out of my passion to help organisations with security with their eirp with SAP, specifically and activities. And then what have I seen from the ecosystem? Well, geez, just in the last 24 months alone, you've seen the growth of zoom. And then in the last three months, with the corona pandemic, you've seen zoom, just overtake teams, Google pluses, and now the Hangouts, Facebook now has a solution. And you've really seen this take off. And it's really allowed those, I like to call them the naughty villains of cybersecurity, who want to try and break in and grab data and to disrupt organisations and not in a good way, really start to leverage how they can break in and get data and information. So it's been a, it's been a crazy three months, but it all was prefaced with three years ago, with these activities of zooms and such starting to really take over our lives.
So yeah, I mean, is it fair to say that the the growth in in technologies like zoom and Google Hangouts has been great from from a business point of view, but it's also opened up further avenues for as you say, you know, naughty hackers,
it absolutely has unfortunately, you know, the, the phrase zoom bombing, I'm sure is going to be coming the Webster's dictionary this next year. That was something that we never knew about, never thought about, but because of security, in people jumping into these zoom meetings and other meeting places, it's really taken off because of that. Absolutely.
Sure, sure. I mean, you draft these six top tips for, for people to be proactive with regards to security. Could you perhaps talk a throat through each of those?
Yes, let's do that. So the first and foremost, one is always keep your your solution updated. No matter if you're on teams, zoom, Google meet, whatever the case may be, if it's an application that has an update, do the auto updates. And that was one of the things that caused zoom to have these zoom bombers, people were not auto updating the solution. And so it was still stuck in the realm that it was when it was first downloaded, maybe a year ago or so. So it didn't have some of the pieces to the puzzle that needed to be more secure. To is always used password. That was part of the problem with zoom and zoom bombing is people would have these meetings that would continuously start and stop and start and stop no matter where they were. And no password whatsoever. So anybody could jump into it. And that actually led to what was number three on my list is don't share a link to a zoom meeting in the social forums in the Facebook's and Twitter's and so on without a password. And really, unless you're going to have a very structured, focused meeting, you want to be very secure and who gets that information. And of course, then you want to have the security piece around it. It's kind of what happened to the, I believe it was the City of Milwaukee common council or one of their groups were having a meeting to discuss something with Milwaukee. And all of a sudden, they had sent that zoom meeting out to anybody and everybody. And lo and behold, people came in there and started bombing them. It wasn't it was no longer and there were some naughty pictures that were posted from a triple x site. And so you don't want to do that. So You start with those three, four, when when you're working with these applications, make sure that from a standards, let's call it process, you want to have standards in place on how you run these meetings, who is running the meetings, how you're going to utilise the zoom meetings to be more secure around that leads you into number five, with Google Hangouts with Facebook, with others activities, and I made reference to it a little bit earlier, you do not want to give this information or the data to anybody and everybody, most organisms are most individuals who set up a zoom meeting for themselves. They have their own predefined, I guess, room that they can set up too many people are using that predefined room as a standard willy nilly, I'm just going to throw it out there, hey, anybody can join in at any time? Well, people are stealing that information, and creating their own meetings at any point in time. And they're also jumping into meetings anytime they're out there. And there may be groups that have that meeting set up and going 24 by seven 365. And so as part of that, I personally don't ever use my personal room, unless it's one on one with somebody that I am immediately going to have a conversation with. Otherwise, I set up a meeting, no matter if it's in zoom or teams. And I set that up specifically then for a particular group or a particular team that we need to have those activities with. So the more security that you can wrap around it, the better. And then finally, what I like to tell individuals, no matter what platform you're using, is use a VPN connection, you should use a virtual private network, you can get there's free versions of VPN, there's paid versions, you know, I'm on a MacBook. So I use Mac keepers VPN to keep my private network out there and away from people use a VPN because then nobody can hack your IP or find out where your IP is located, how you're utilising it. And it really keeps that at that additional layer of security. And the more that you can be secure, the better off you're going to be.
Sure, sure. Yeah, that's, that's great. I mean, I think a lot of businesses have been entering in a period of uncertainty and you know, stepping into the unknown to a certain degree over the last few months. So having those best practice steps in place is fantastic. From your point of view, what changes and trends have you seen since the lockdown period in terms of the increase of cyber attacks? Have you seen a spike at all?
Oh, it's spiked, it has definitely spike Joe. And unfortunately, it continues to be that way. Now that individuals are in their home offices, they're not used to the ways of setting up an enterprise or a corporate wide network, or security, or VPN, or connectivity to a set of servers back at the corporate office through a VPN. And so unfortunately, individuals have these standard routers that are out there. We all know them the links, this isn't the net gears and such. But they all have the same user ID and password when they get shipped from the corporate distribution centres. When they get manufactured, they all have the same either a blank administrator or admin with password or some type of phoney baloney password that these individuals don't know how to set it up. They don't know what they're supposed to do at that particular time when they use it. So unfortunately, they've never been trained. And so it really hurts individuals and it really hurts organisations because they've never set up a VPN inside there. They've never changed the password. They've never changed the standard IP address. 190 2.168 point 1.1 I bet you if 20 people on the podcast right now did that they would literally get sent to either their Alexa Linksys or Netgear router right now. And they would be amazed that it's, that's how you connect to it. And so those are some of the basic things. But the hackers know all that. They know that information. And so that's, that's what's troublesome is that's what they keep pinging and they just run random pings to make sure that they can get to it and try to steal data. Indeed,
and you mentioned there about, you know, a lot of people using their, their home offices and, you know, getting used to different different ways of working and perhaps a little bit more relaxed in comparison to to their office life, you know, perhaps they wouldn't be dressing down and perhaps getting up a little bit a little bit later. So what would be the best best way to get into, you know, a more office based cybersecurity mindset for those that are working from home?
Sure. So from a from a cybersecurity phase, is if you've got an IT team back at your corporate office, talk to them, talk to them about what you've got what are the tools that you've got? What are the tools that the company wants to provide you and how you can have that set up to be successful. I'm a big believer in communication from the security side. And from the staff side, we have set up with our teams, we make sure that they have proper lockdowns, proper changes in IP is proper change in their user IDs and passwords, especially when it comes to using their own systems at home. We don't want to infringe upon the fact that they've got wives and kids and significant others and boyfriends girlfriends. That are they're using that information. But we do want to help them with getting a little bit more secure. And in the end, it'll also help them and their families be a little bit more secure. And to really offer up that activity. We've got a young man, he and his husband had a system. And the first thing is has been asked us was, how can we secure this I don't want to make, I want to make sure that nothing gets stolen, I don't want to get in trouble. And so we literally for it literally took us less than 30 minutes, had everything locked down. And they were very happy. And away they went. Good to go.
Sure. And again, something you touched on earlier about the knowledge of the hackers, obviously, you know, cyber security seems to be something of a moving target. And hackers are constantly looking at looking for more sophisticated ways in which they can, they can launch attacks, how can companies ensure that they they stay one step ahead of the hackers, particularly now when a large proportion of their staff may be based remotely.
So the biggest thing that you can do is set those updates to auto updates, make sure all of your applications are set to auto update from a desktop laptop perspective, you may not want to do that on your servers, but you've got Barracuda firewalls are the different latest and greatest security tools on there. But what you do want to do is you want to make sure that from a application standpoint, nobody can break in through any open ports or activities, that may be a flaw in the application. And so Microsoft and Mac and all these other applications, you know, even zoom, zoom realise that they had a problem. And they squashed it fixed it sent the update and all the auto updates, fix the problems that were out there. So make sure that that's the number one thing, hackers are gonna hack, you're gonna hack, they're going to find something, they're going to get out on the dark web and go to town, but there's your get a good chance that the application owner is already working on a fix for that, and is going to push that out to you.
So indeed, and perhaps looking a bit bit further down the road into the future. You mentioned earlier that there was a you know, there's been a massive spike since since the the lockdown and and you know, big companies like like the, the Facebook's and the Googles of this world aren't expecting their staff to, you know, to return to the office until next year at the at the earliest. So, so, you know, with those two aspects in mind, what do you see that how do you see the future panning out over in terms of cybersecurity over the next 12 months and beyond?
Certainly, I see it becoming more and more of an issue, because unfortunately, it is progressing much slower. Even with the Googles and the Facebook's of the world staying at home, you know, they're offering up dollar amounts to help with their staff members. And that's great. That's a great start. But one of the things that they they fail to do is communicate, communicate what it is to, to lock down a hub, or router, what it is to not go out to a Starbucks or a coffee shop and be on the open network without a VPN communicate to them. What are some of the business activities that they need to be aware of, always make sure your VPN is on. When you're on your laptop. Even on a cell phone, you can have a VPN that supports those activities. Because once you get hacked, it's a lot harder to get it cleaned up than it is to preset and get you locked down beforehand. So over the long term, I think it'll it'll start to decrease. But right now, the hackers are going crazy because there are so many people out there back at home. So if you're
in perhaps on the on the other side of that coin it could it in the long run have a potential positive impact in that. This this current crisis has led some companies to wake up to cyber security where of where whereas perhaps before they weren't quite so tuned in?
Oh, absolutely. There are firms that we've talked to, from an SI p or p security perspective, that they had zero idea that they had vulnerabilities out there. And I know of a CSO of one of the companies. He He immediately sent and put together a team that work together to put together a cybersecurity profile for the organisation and based upon roles and responsibilities for those individuals and rolled it out company wide to several 1000 individuals and then had his entire season Team and as network team and as security teams working with these individuals to make sure that they were not going to be that company that had the million internet or a million hack issue come up and be part of the nightly news. And so you do see individuals that are taking responsibility and that are understanding what's in house as you go forward. It's been, it's been good to see that as well.
Sure, indeed. Well, thank you for that, Chris. That's, I think we can all appreciate it's been a very challenging time at the moment for a lot of businesses out there. So to get insight like that into the cybersecurity do's and don'ts is it has been absolutely fantastic. So thank you for your time. And thank you to everyone who's listed and listen to today's podcast. If you have any further questions, then please feel free to submit them to editor at electronic specify.com. And we will endeavour to get them answered for you. So I thank you again, Chris.
Absolutely. Joe glad to help and I look forward to talking to you soon.
Thank you. Bye Bye now. electronic specifier