
Zoom Privacy and Security Guidelines

What is Zoom Bombing?

Zoom bombing refers to the unwanted, disruptive intrusion of one or more participants into a video conference call. In a typical Zoom bombing incident, a teleconferencing session is hijacked by participants engaging in behaviours that are lewd, obscene, racist, homophobic, offensive in nature or otherwise inappropriate, typically resulting in the shutdown of the session. This may include, but is not limited to, disrespectful gestures or body language, insults, display or sharing of offensive audio or visual material, and inappropriate communication via chat, including sharing of malicious links or files.

Your Zoom meetings may be wide open to Zoom bombing if you don’t know how to set the host controls properly.

Review the following documents to learn how to stop bad actors and respect the privacy of meeting participants to keep your video calls on track.

Privacy and Security Guidelines for Staff

This document outlines the security and privacy safeguards that Algonquin College staff must implement when using Zoom for meetings with other colleagues or third party participants (e.g. vendors). Faculty should use the Zoom Security and Privacy Guidelines for Faculty when conducting online classes with learners.

ZOOM Security and Privacy Guidelines for Staff

Privacy and Security Guidelines for Faculty

This document outlines the security and privacy safeguards that Faculty must implement when using Zoom for conducting online classes with learners.

ZOOM Security and Privacy Guidelines for Faculty

Privacy and Security Guidelines for Employees using Zoom for Hosting Events Open to the Public

This document outlines the security and privacy safeguards that Algonquin College faculty and staff must implement to prevent and respond to Zoom bombing when using Zoom-meeting for conducting events open to the public.

Events open to the public involving a large audience are the preferred target of Zoom bombers. Where feasible and appropriate, these events should be conducted in a webinar format. If you plan to hold these events in a meeting format, follow this guide.

ZOOM Security and Privacy Guidelines for Events Open to the Public

The Darker Side of Social Media

There is no argument that social media has helped individuals, businesses, and causes attain exponential heights in publicity and profits in record times. Through micro-storytelling, social media has helped bring people together from all different backgrounds and origins and built many valuable friendships and relationships because of a common ground in interest or belief. But there is also no argument that social media has brought some people and businesses to depths they could never have anticipated. Businesses aren’t spending enough time researching the security implications of social media and subsequently training their staff on how to prevent compromises. This article will take you through a couple of things that you should know about, particularly how social media has tricked you into thinking that a little sharing is harmless.

‘Twenty Things You Don’t Know About Me’

Many users have received private messages from their Facebook friends who have just created this list, titled ‘Twenty Things You Don’t Know About Me’. Users are invited to read it, create one for themselves, and notify others – similar to a chain letter. The list consisted of some seemingly inconsequential questions like:

What was my most embarrassing moment? Have I ever played hooky? What was the name of my first elementary school? What was my favorite pet’s name?

The first two are instances we can all relate to when we need to express a little humility, but the last two seem a tad familiar, don’t they? Perhaps you may have used these questions when you were setting up your security verification for online banking? By providing these kinds of details, although you appear to just be sharing it with friends, you may actually be providing an easy channel for identity theft. If you feel you must partake in situations like this, first, stop and think about how/if you’ve answered these types of questions in an online space before (i.e. online banking) and second, refrain from using a similar answer.

Sharing Your Photos and Videos

Photos and videos can give away a lot of information about your identity. If you are posting an image of someone else, be aware of how you may be compromising their privacy. Never post a video or photo of anyone without getting their consent first.

Photos and videos can also reveal a lot of information unintentionally. Many cameras will embed hidden data (metadata tags) that reveal the date, time and location of the photo, camera type, etc. Photo and video sharing sites may publish this information when you upload content to their sites.
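To show where that hidden data sits in a JPEG file and how it can be left out before sharing, here is an added example (not part of the original guidance). It walks the file's header segments and drops the Exif block; the sample bytes and helper names are constructed for illustration.

```python
import struct

EXIF_ID = b"Exif\x00\x00"   # identifier that opens an Exif APP1 payload
APP1, SOS = 0xE1, 0xDA      # JPEG marker codes

def split_jpeg(data):
    """Return ([(marker, payload, raw)], rest); rest begins at the SOS marker."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    segments, pos = [], 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError("corrupt segment header at offset %d" % pos)
        marker = data[pos + 1]
        if marker == SOS:              # compressed image data follows
            break
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        end = pos + 2 + length         # length counts its own two bytes
        if length < 2 or end > len(data):
            raise ValueError("truncated segment at offset %d" % pos)
        segments.append((marker, data[pos + 4:end], data[pos:end]))
        pos = end
    return segments, data[pos:]

def is_exif(marker, payload):
    return marker == APP1 and payload.startswith(EXIF_ID)

def has_exif(data):
    return any(is_exif(m, p) for m, p, _ in split_jpeg(data)[0])

def strip_exif(data):
    """Copy the file, leaving out Exif segments; pixel data is untouched."""
    segments, rest = split_jpeg(data)
    kept = b"".join(raw for m, p, raw in segments if not is_exif(m, p))
    return b"\xff\xd8" + kept + rest

def make_segment(marker, payload):     # helper used only to build the sample
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed sample: JPEG-shaped bytes (not a decodable image) with a JFIF
# header, an Exif segment holding placeholder text, and a stub scan.
SAMPLE = (b"\xff\xd8" + make_segment(0xE0, b"JFIF\x00" + bytes(9))
          + make_segment(APP1, EXIF_ID + b"placeholder for date/GPS tags")
          + b"\xff\xda\x00\x02\x12\x34\xff\xd9")
```

Exif is not the only carrier: XMP and IPTC blocks live in other segments and are not touched here, and removing Exif also removes the orientation tag, so a photo may display rotated.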

Revealing Your Location

Most social networking sites will display your location if that data is available. This function is generally provided when you use a GPS-enabled phone to interact with a social network, but don’t assume that it’s not possible if you aren’t connecting from a mobile. The network your computer is connected to may also provide location data. The way to be safest about it is to double-check your settings.

Be particularly mindful of location settings on photo and video sharing sites. Hackers and cyber criminals can use your photos, location, and contact information to break into your home. For instance, if you just posted a photo of yourself at a location other than your home, and you have other photos posted of the great new devices or equipment you just bought yourself, this could be incentive enough for cyber criminals to take things a step further. Don’t reveal too much about your whereabouts, belongings, or your identity.

E-mail Phishing Attacks

The College continues to experience the impact of users clicking on phishing e-mails. Within ten minutes of clicking on the links in the emails, malware is loaded onto your computer, followed by your computer “calling out” to hacktivists and criminal organizations. Then, your computer will be remotely controlled to start sending out thousands of spam messages to others all over the world – using your College email address. As you can imagine, not all recipients are going to be particularly happy about receiving the spam, and some will even send back emails to that effect. Imagine the damage to our wonderful name and brand that this can cause. It often takes many hours for ITS to clean up your e-mail account before you can have it back working as normal.

What is Phishing?
Phishing is the act of a cyber-criminal using false pretenses to acquire usernames and passwords, credit card information, sensitive personal information and electronic money by masquerading as a trustworthy entity in an electronic communication such as email or texting. Phishing communications often contain links to rogue websites that are infected with malicious software, which is then downloaded to your computer to conduct further cyber-attacks on College networks. The impacts of phishing can be very significant and include account and data theft, data ransomware, identity theft, loss of money, and system compromise, among others.

What Do They Look Like?
If you receive an unexpected or unusual email, carefully examine it before clicking on an embedded link or downloading an attachment.

Spelling Mistakes and Poor Grammar
Phishes often contain obvious spelling mistakes, poor grammar and incorrect email addresses. For example, instead of @algonquincollege.com, you may see something like @a1gonqu!ncollage.com.

A Sense of Urgency or Importance
In most cases, phishing attempts have a sense of urgency or heightened importance. An example could be “Your credit card has been compromised, provide us with your personal information as soon as possible to resolve the issue!” or “Your email account is about to expire – click here to request additional quota”.

Links and Attachments – Caution
Phishing emails often contain an attachment and/or link. If you were not expecting to receive an email with an attachment, do not open it. If there is a link within the email, hover over it (without clicking on it) and you will be able to determine the true URL.
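The two checks described above, the look-alike sender domain and the link whose true URL differs from what it displays, can also be run automatically on a message. The following is an added example, not part of the original guidance; the sample message, the hosts in it, the sender name and the 0.8 similarity threshold are constructed assumptions.

```python
import difflib
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "algonquincollege.com"  # the domain as written on this page
URLISH = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)

class LinkCollector(HTMLParser):  # collects (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(text):
    """Host named by URL-looking text, or '' when the text is not a URL."""
    if not URLISH.match(text):
        return ""
    return (urlsplit(text if "://" in text else "//" + text).hostname or "").lower()

def mismatched_links(html):
    """(shown host, real host) for links whose text names a different host."""
    parser = LinkCollector()
    parser.feed(html)
    pairs = [(host_of(text), (urlsplit(href).hostname or "").lower())
             for href, text in parser.links]
    return [(shown, real) for shown, real in pairs if shown and shown != real]

def is_lookalike(sender, threshold=0.8):
    """True when the sender's domain is close to, but not, the trusted domain."""
    domain = sender.rsplit("@", 1)[-1].lower()
    ratio = difflib.SequenceMatcher(None, domain, TRUSTED_DOMAIN).ratio()
    return domain != TRUSTED_DOMAIN and ratio >= threshold

# Constructed message body for illustration (hosts and paths are made up).
SAMPLE_HTML = (
    '<p>Your email account is about to expire.</p>'
    '<a href="http://mail-quota.example.net/login">www.algonquincollege.com/its</a>'
    '<a href="https://www.algonquincollege.com/its">click here</a>'
)
print(mismatched_links(SAMPLE_HTML), is_lookalike("helpdesk@a1gonqu!ncollage.com"))
```

A link whose text is plain wording such as "click here" is not flagged by the mismatch check, so the hover test still applies to it.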

Think Before You Click!