The Inherent Risk To Using Unsecure Chat Software/ Adv. Edo Bar Gil

With the outbreak of the Corona crisis, more and more people are opting to use various chat software not only for their business needs, but also for the personal ones. As the days of lock-down continue, issues of whether these tools are really secured or not are rising on a daily basis.

People are holding “virtual” team meetings, school classes, fitness training, meditation and stress training sessions, meetings with professionals, and of course, conversations with relatives and loved ones. Popular apps for such sessions include Zoom, Slack, Skype, Viber, Google Hangouts and so on.

Surprisingly, and completely opposite to the amount of downloads of these tools, only a few people read the software’s terms of use in depth, and even less people (less than 5%) enter the system’s settings to adjust and toggle the software to their needs. It’s important to note that these programs are not new! In the years that these tools have existed, we’ve witnessed changes in both their privacy policies and information use settings. Accordingly, caution is required in using them.

I’m approaching to you dear readers, with a heart-to-heart question, have you read the software terms of use before downloading them? Have you adjusted the software’s system settings to your needs? If the answer is no, I strongly encourage you to continue reading this article.

Browse And Adjust User Settings

If you have not yet read the Terms of Use, examined the use of the information and privacy terms or adjusted the settings of the software to your needs (business and private) –now is the time to do so. So, how do you do that and to which issues you should be paying attention?

One must enter the settings menu (see for example the setting menu in Zoom and in Teams) and browse it thoroughly. Browsing the menu reveals dozens of setting options – from simple display and screen settings to advanced settings for information sharing and group management. Needless to say, that this array of information can create confusion and deter one from making any changea. Therefore, I recommend to focus on adjusting the following:

  • Information security, including service passwords.
  • The use and retention of your information (by the service provider / third parties), including the recording of calls and the use of the microphone/camera.
  • Call and content management, including video use, file sharing and access to information.
  • Participant(s) capabilities, including the ability to manage calls, join calls, screenshare, and share various information.
  • Managing the information that is revealed about you, including the ability to see what you “were doing” during the conversation.

Getting to know the participants in your conversations

First, be careful (more importantly, when it comes to your children), to join solely conversations of participants you are familiar with.

Second, when you initiate a call, it is recommend not only to send send a call with a call link, but also to adjust the software setting so that a password is required for joining. In some programs (such as Zoom), you can even enlarge and create a virtual “waiting room”, which participants enter before the call and can be approved or rejected by the host.

Managing participants and their capabilities

It’s advisable to define who gets what permission for which software element, including the use of the microphone, camera, screen/file sharing and of course, recording. In some tools, you’re able to disable the option of “Joining a Call Before the Host”. You’re also able to disable the file sharing option and even set rules for sharing (for ex. Read-only access).

As for the ability to record the call, it’s important to note that even if you have disabeld this option within the system itself, the call can still be recorded using third party tools / software. Accordingly, this should be taken into account both when it comes to sharing personal and sensitive information, as well as for the dissemination of such information thereafter.

Information Security

Let’s start with the obvious; information security risks. Recently, a number of articles have been written on how security weaknesses on Zoom enabled hackers, who have not been invited, to join a video call, listen to them and even access files that were transferred in the call. Although this specific security issue has allegedly been fixed, it is surely only a matter of time before hackers and other parties find other ways to do so. There’s just no way to ensure such hacking never happens, but there are certainly ways to minimize/reduce such risks.

The key to preventing your security from being compromised is a trinity of methods:

  • Keep track of software updates
  • Be sure to use the latest version of the software which includes information security updates
  • Be mindful that there may be third parties who listen and/or can access the transmitted information within your call. Take this into account when you are taking part in conversations that are sensitive and/or share personal information.

Software Misuse

The more popular the software is, the more “hostile” people will try to abuse it.

One example of this is the “Zoom Bombing” (link) – A third party invites many participants (without even knowing them) and share and upload content that is violent or lude.

So how do you avoid such risks? Keep all of the above mentioned rules in mind and make sure to join solely calls that you are familiar with their participants and have a clear agenda. As far as children are concerned, it is also recommend to inform them of the risks, so that they remain well aware and check up on them occasionally to ensure the software is not being misused. 

In Conclusion

There is no doubt that the various tools available to us have many advantages and they enable us to maintain a “routine” during these troubled days. However, it is imperative that we understand that these tools also have certain dangers in them–dangers we should be alerted of, so that we can try to minimize their impact on us as much as possible.

The writer, Adv. Ido Bar-Gil, is the head of Legal operations at LawFlex