Insights | July 3, 2020

To Zoom or Not to Zoom: Addressing a Crucial Cybersecurity Question

This post was originally published by Sid Yenamandra at Smarsh.

Eight tips to help advisors balance between security and convenience with Zoom

Though shelter-in-place orders and working from home have become the new normal, the reality is that most businesses are not prepared to protect their employees and their devices from cyber criminals in a remote work environment. That’s especially true for the wealth management industry.

Let’s start with the fact that most employee-owned devices are not appropriately protected. Many broker-dealers, banks, insurance companies and RIA firms have stepped up their efforts to address some of the most glaring weaknesses. But for others, cybersecurity issues are only becoming more challenging as a surge of professionals flock to Zoom and other video conferencing platforms to meet with clients and collaborate with colleagues.

How Financial Services Firms Can Vet Zoom

Indeed, very few IT managers have had the opportunity to vet these tools, even as they are now known to present a series of security and compliance challenges.

Wealth management professionals are gauging how much risk the use of the Zoom platform introduces. Here are eight tips to keep you and your organization safe on Zoom:

Use the latest version. Be sure you are always using the latest version of the application so that your endpoint is protected against known security issues.
Never share your Zoom meeting ID publicly. Posting meeting IDs publicly makes it easy for hackers to infiltrate your account by guessing your password. This could result in “zoombombing” or someone getting access to your private chat transcripts or files.
Share your meeting password securely. Treat your Zoom meeting password the same way as you would treat your sign-in credentials for your bank account or company workspace. Also, use two-factor authentication, which dramatically lowers the likelihood of getting compromised.
Set preferences to host-only. Resist the temptation to designate a co-host, because it increases the likelihood that a breach could take place. What’s more, shut off file transfer, camera and audio settings for all participants. That leaves one person in control of the conference. The end goal is to minimize the possibility that an interloper could gain access.
Pay for the enterprise plan. If you are relying on Zoom for business, it’s better to upgrade to the pro or enterprise plans rather than using freemium services.
Beware of Zoom phishing emails. If you get a meeting invite from someone with whom you are not familiar, you can log in to the call by connecting to the Zoom website and then manually keying in the meeting ID. That will ensure that the invite is valid. Otherwise, it could be a phishing email aimed at getting you to click a link that will end up harming your device.
Perform endpoint hygiene. Patch the endpoints used to access Zoom with up-to-date anti-virus and anti-malware software and make sure to enable device or file-level encryption. These steps will not only help to prevent compromises, but they will serve to mitigate the damage should they occur.
Use VPN when possible. This minimizes the likelihood of a man-in-the-middle or denial-of-service attack that could disrupt your productivity. VPNs could create some network bottlenecks, especially if you don’t have much bandwidth to spare, but they will ensure that your sessions have end-to-end encryption, something that most regulators require.

To Zoom or not to Zoom? For wealth management professionals who need to drive as much continuity of service and connection with clients and colleagues, this is an important cybersecurity question.

But by following the right cybersecurity safeguards as outlined here, it doesn’t need to become an existential question for your business.

About the Author
Sid Yenamandra, Founder & CEO at Entreda

Sid Yenamandra co-founded Entreda, the leading provider of comprehensive cybersecurity software, systems and training to the wealth management industry, in 2011 and oversees all aspects of the company’s vision and day-to-day operations. Prior to Entreda, Sid served as vice president of product and business development at Plato Networks, which he sold to Netlogic Microsystems and subsequently was acquired by Broadcom for $4 billion. Prior to Plato Networks, Sid worked on several Silicon Valley ventures and was part of an elite, NSA-funded team that developed a Suite B flow-through cryptographic processor to protect critical U.S. infrastructure. Sid holds Bachelor of Science degrees in Electrical Engineering and Computer Science from University of California Berkeley.

Insights

Insights | November 1, 2023

The Art of B2B Selling

Insights | September 18, 2023

Curves, Caps and Swaps: Strategies to thrive in a rising interest rate market

Insights | August 15, 2023

K1 Portfolio Companies Named to the 2023 Inc. 5000

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.

Necessary

Always Enabled

Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.

Cookie	Duration	Description
ARRAffinity	session	ARRAffinity cookie is set by Azure app service, and allows the service to choose the right instance established by a user to deliver subsequent requests made by that user.
ARRAffinitySameSite	session	This cookie is set by Windows Azure cloud, and is used for load balancing to make sure the visitor page requests are routed to the same server in any browsing session.
Cookie Law Info - Analytics	11 months	The cookie is used to store the user consent for the cookies in the category "Analytics".
Cookie Law Info - Check Advertisement	session	This cookie is used to record the user consent for the cookies in the "Advertisement" category .
Cookie Law Info - Necessary	11 months	The cookie is used to store the user consent for the cookies in the category "Necessary".
Cookie Law Info Consent	session	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
Viewed Cookie Policy	11 months	The cookie is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Analytics

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.

Cookie	Duration	Description
Google Analytics Tracking	1 year	This cookie is set by Google Analytics.