The world is now becoming familiar with videoconferencing and collaboration platforms like Zoom, Microsoft Teams, WebEx, Slack and others thanks to COVID-19 and government-imposed restrictions on pubic gatherings.
While the world learns how to set up a videoconferencing call and how to screen share, the world is also learning about the inherent security vulnerabilities with that software.
Some of those aforementioned platforms have been prone to meeting hijacking, and security researchers are discovering that data sent over those platforms may not be as secure as you thought. That’s because those platforms weren’t built with end-to-end encryption, says Joel Wallenstrom, CEO of encrypted messaging and videoconferencing app Wickr.
Zoom has been criticized for its lack of security and its data-sharing with Facebook, both of which the company is addressing. Other platforms offered by Google, and Microsoft Teams, have also been targets of attacks, according to Check Point Research.
“This day was coming,” Wallenstorm says. “It wasn’t hard for a lot of us to see.”
Wickr has been around since 2014, debuting with an end-to-end consumer product that Wallenstrom says was meant for journalists and people working overseas in hostile environments.
How end-to-end encrypted UCaaS protects your organization
Two years later, the company moved into the enterprise with an end-to-end encrypted communication platform like Microsoft Teams or Slack, which Wallenstrom called taking the strength of end-to-end encrypted personal communications platforms and building enterprise controls and capabilities around it.
“So that’s what we do now, mostly,” he says. “We’re really built for large scale deployments, for organizations … where security is a huge priority for them.”
Rather than protect the information that sits in a centralized server, Wickr was built to eliminate that collection of data.
Wallenstrom says the “man in the middle” attacks — when someone gains unauthorized access to a server — can expose a unified communications provider provider and all of their customers’ information.
“So you’re only protecting the traffic as it goes to that server, and then you’re putting all your eggs in that single basket,” Wallenstorm says. “With end-to-end encryption, you eliminate that big basket. There is no one place to get all the eggs.
“And so it just eliminates that attack surface that that in and of itself is kind of the simple description of why end to end encryption is so important and so powerful.”
Why other platforms aren’t as secure as you think
Wallenstrom referenced a Princeton professor and cybersecurity expert Arvind Narayanan, who tweeted last month that Zoom is essentially malware.
Let’s make this simple: Zoom is malware. https://t.co/xkJDaP4OoK
— Arvind Narayanan (@random_walker) March 31, 2020
“I think what that is referencing is the emphasis has been on fun and ease,” Wallenstrom said of the platform. “And so essentially it goes in, it installs things you are not aware of and that maybe haven’t been vetted appropriately, but it does everything for you.”
Wallenstrom calls this the struggle between ease of use, convenience and fun and security.
“They would rather have zero clicks or one click to get to a video conference, but when you’re doing that, you’re giving away a lot of control,” he says.
As such, most of Wickr’s clients are mission-critical companies and organizations, like the U.S. Department of Defense, Freedom’s Shield, U.S. political groups and others that greatly value their security.
Choosing the right platform for your organization
While there are security issues with some conferencing platforms, most communication done on those channels isn’t of value to hackers.
Wallenstrom says technology decisionmakers need to evaluate their risk profile when selecting a communication platform — especially as their rushing to make a decision with their workforce stuck at home.
“There’s this understanding that … we need to be fast, but we also have a real risk profile,” Wallenstorm says. “Marrying the two of those is where you end up understanding that the right solution is for you.
“Another thing that’s going to happen is some people will just choose speed and kind of spit on their risk profile. But that will change here soon.”
That may already be changing, as Wickr has seen a 1,000% increase in enterprise client usage since the coronavirus-induced shutdown.
“There’s a chance we could be doing this for a pretty long time and I think remote work will become more of a reality,” Wallenstrom says. “So there will be some time to really check the boxes where I think people were just scrambling.”