Using Zoom for Video Conferencing

I love Zoom, but like any tech, there are potential vulnerabilities for new users.

Protect your Zoom account and avoid Zoombombing (aka hacking) by following these suggestions:

  • Be wary of links. Login at Zoom directly rather than using the meeting link. Enter the provided meeting ID to join a meeting.
  • Set screen sharing to host only. Doing so prevents your meeting from being hijacked by a hacker.
  • Use the waiting room feature to prescreen and approve attendees.
  • Try Zoom webinars instead (this is the method I use for all my CLEs). Webinar settings offer advanced controls, including several approaches to prescreening attendees.

Read more about these safety tips here.

Are Zoom Conferences Recorded?

Webinars

When I conduct Zoom CLE webinars, I record them. This is a setting I activate as host. It isn’t automatic.

Meetings

Zoom meetings are recorded by default. Zoom help explains this and instructs hosts on how to change settings. This is one area where the USA Today article is misleading. For information on Zoom encryption, see this.

Give Others a Heads Up

No matter what you do, it is common sense to give clients and others a heads up on how your video meeting will be conducted. Advise if you plan to record. Let attendees know if your conference is listen only, whether they can raise their hand, or submit questions.

Documenting Your File

Recordings have their place. For example, preserving the meeting as part of your file. Advanced settings in Zoom allow you to include all participant names, add a time stamp, save chat files, and automatically transcribe audio.

All in all, Zoom is a pretty terrific tool.

All Rights Reserved 2020 Beverly Michaelis

Cybercrime: An Ongoing Threat to Law Firms

In the most recent issue of Law Practice Today Sheri Davidoff describes how hackers exploit weak security measures to steal from you and your clients. The most common targets: your email, logins, and files.

Email hacks

Once a hacker gains access to your email, he or she may download your entire mailbox, set up a rule to forward your messages to their account, or use email content to begin victimizing clients.

Preventive steps

Use proper passwords

Pass phrases (sentences) are the best. Otherwise, choose passwords at least 14 characters in length which contain symbols and numbers. It is critical to create unique pass phrases or words for each login to limit the scope of a security breach. Do not share them. Do not write them on sticky notes posted to your monitor. A password manager can make the job easier.

Turn on two-factor authentication

This sounds fancy, and if you’re not familiar with it, intimidating. It is neither. Login as usual, have your smartphone or cell phone handy, and enter the code texted to you to complete your login. It’s that easy.

Biometrics

You can use your face or your fingerprint to login if your device or software supports it. A quick Google search generates pages of “pros and cons” posts, which I will avoid repeating here.

Limit substantive content in email

Consider limiting what you say by email when the information is sensitive. Pick up the phone or send the client a message prompting them to login to your secure client portal instead. As Davidoff points out in her post, “Hackers commonly search your correspondence for ongoing conversations of interest—such as a real estate purchase or other upcoming financial transaction. Then, they actively monitor these conversations to maximize their ability to intercept a payment.”

Malware and ransomware abound

The most likely way to get infected with malware or ransomware is to click on a suspicious attachment or link. Use common sense before you click and if in doubt: don’t! Even if the message appears to come from a trusted source. Pick up the phone or compose a new message and ask the sender if he/she sent the email. (Don’t ask by forwarding the suspicious message – you are only spreading the threat.)

The US Department of Homeland Security has valuable tips on combating malware and ransomware. Also, take a few minutes and peruse the resources available at the ABA Law Practice Division (search: “malware”) or checkout the Professional Liability Fund CLE, Data Security/Data Breach: What Every Lawyer Needs to Know to Protect Client Information.  

All Rights Reserved 2019 Beverly Michaelis

Phishing Scam Hits OJD Users

Here are the details.

Astonishing Admission from Amazon about your Data

Thanks to Delaware Senator Chris Coons we recently learned that Amazon keeps Alexa transcripts and voice recordings indefinitely and only removes them if they’re manually deleted by users. Maybe.

While the company is engaged in an “ongoing effort to ensure those transcripts do not remain in any of Alexa’s other storage systems,” there are still records from some conversations with Alexa that Amazon won’t delete, even if people remove the audio.

In addition, Alexa also retains all purchase requests, reminders, and alarms.

Wow!

You, the user, must take the extra step to delete this data – and even if you do – Amazon doesn’t always follow through.

Despite reports by cnet and other tech sites, this news flew under the radar when reported last Tuesday – two days before Independence Day.

Smart Technology

As cnet points out, voice assistants aren’t the only cause for privacy concerns. Any smart home device – locks, doorbells, or appliances – can potentially collect and share your data. Be aware that the price you pay for convenience may mean sacrificing privacy.

All Rights Reserved 2019 Beverly Michaelis