Skip to content

runZero Recognized as a 2024 SC Media Awards Finalist for Most Promising Early-Stage Startup

The 2024 SC Media Awards Honor Companies Offering Cutting-Edge Products and Services Across Many Areas of Cybersecurity

AUSTIN, TEXAS — August 30, 2024 — runZero, a leading provider of Cyber Asset Attack Surface Management (CAASM) and top rated on Gartner Peer Insights, today announced that the company has been recognized as an Excellence Award Finalist in the Most Promising Early-Stage Startup category for the 2024 SC Awards. This announcement was made on Thursday, August 29, 2024, as part of SC Media’s 2024 SC Awards coverage.

Celebrating its 27th year, the SC Awards recognize the solutions, organizations, and individuals that have demonstrated exceptional achievement in advancing the security of information security. This year, the SC Awards received a remarkable number of entries across 34 specialty categories, with many notable companies earning nominations for their leadership and commitment to cybersecurity.

The SC Awards were evaluated by a distinguished panel of judges, including cybersecurity professionals, industry leaders, and members of the CyberRisk Alliance community from sectors such as healthcare, financial services, education, and technology.

“The finalists for the 2024 SC Awards truly represent the forefront of cybersecurity innovation and leadership,” said Tom Spring, Editorial Director at SC Media. “These solutions, organizations, and professionals have demonstrated outstanding capabilities in addressing today’s complex and ever-changing threat landscape. We are proud to recognize their contributions to the cybersecurity community.”

Many CAASM solutions in the market rely heavily on integrations to inventory assets, leading to incomplete visibility into unknown and unmanaged assets, while others focus solely on IT devices, lacking coverage for OT and IoT assets. The runZero Platform combines powerful proprietary active scanning and native passive discovery with integrations to overcome these limitations, providing a comprehensive, unified solution that delivers complete visibility and accurate, in-depth fingerprinting for all IT, OT, and IoT devices across on-prem, cloud, and remote environments.

“We are honored to be recognized by SC Media for our unique approach to CAASM and exposure management,” said Julie Albright, chief operating officer at runZero. “This nomination speaks volumes to our commitment to helping organizations address the urgent cybersecurity challenge of improving visibility into managed and unmanaged assets with a solution that is easy to implement and produces results immediately.”

Over the coming week, the SC Media editorial team will provide in-depth coverage of runZero, including a featured profile on the SC Media website and promotion across their social media. Winners of the 2024 SC Awards will be announced on September 17, 2024.

About CyberRisk Alliance

CyberRisk Alliance provides business intelligence that helps the cybersecurity ecosystem connect, share knowledge, accelerate careers, and make smarter and faster decisions. Through our trusted information brands, network of experts, and more than 250 innovative annual events we provide cybersecurity professionals with actionable insights and act as a powerful extension of cybersecurity marketing teams. Our brands include SC Media, the Official Cybersecurity Summits, Security Weekly, InfoSec World, Identiverse, CyberRisk Collaborative, ChannelE2E, MSSP Alert, LaunchTech Communications and TECHEXPO Top Secret.

Learn more at www.cyberriskalliance.com.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About runZero
runZero, a network discovery and asset inventory solution, was founded in 2018 by HD Moore, the creator of Metasploit. HD envisioned a modern active discovery solution that could find and identify everything on a network–without credentials. As a security researcher and penetration tester, he often employed benign ways to get information leaks and piece them together to build device profiles. Eventually, this work led him to leverage applied research and the discovery techniques developed for security and penetration testing to create runZero.

The High-Stakes Chess Game: Inside the World of Ransomware Negotiation

In the shadowy world of cybersecurity that faces off with cyber criminals head-on, there exists a unique breed of professionals who spend their days playing high-stakes games with some of the most dangerous people on the planet. No, these folks aren’t undercover agents or secretive hackers—they’re ransomware negotiators. If you’ve ever imagined what it’s like to haggle with a digital pirate who just locked up your company’s crown jewels, you’re not far off. Let’s dive into the nitty-gritty of ransomware negotiation, a job that’s part therapist, part tactician, and wholly unpredictable. 

The Art of the Deal: How Ransomware Negotiation Works

Ransomware negotiation is a delicate dance, one that requires a mix of psychology, strategy, and sheer nerve. The first step in this dance often starts with the arrival of a chilling message: “Your files have been encrypted. Pay $X in Bitcoin, or say goodbye to your data.” At this point, a business has two options—try to restore from backups and hope for the best, or engage with the attackers and negotiate.

When a company chooses to negotiate, that’s when the ransomware negotiator steps in. The role isn’t about simply agreeing to a price. Oh no, it’s much more complex. These professionals assess the situation, gather intelligence on the ransomware group, and try to understand their motivations. Are they in it purely for the money? Are they likely to leak the data if they don’t get what they want? How reliable are they in actually decrypting files after payment?

Negotiators will often start by stalling for time, trying to learn as much as possible while also assessing the victim’s willingness and ability to pay. Then, they’ll typically make a counteroffer—usually lower than the ransom demand but not so low as to insult the cybercriminal’s delicate sensibilities. From there, it’s a back-and-forth, a digital haggling session that might resemble negotiating the price of a used car, if the used car dealer were holding your company’s secrets hostage.

Success Rates: The Good, the Bad, and the Encrypted

You might be wondering—how often do these negotiations actually work? The answer is, frustratingly, “it depends.” Some ransomware groups have a twisted sense of honor and will decrypt files once paid, while others may take the money and run. Negotiators generally aim to minimize the financial damage and ensure the company can get back on its feet as quickly as possible, but the outcome is never guaranteed.

However, ransomware negotiation can be surprisingly successful. Some studies suggest that negotiation can reduce ransom payments by up to 50%, and there’s often a better chance of getting files decrypted if you play your cards right. That said, even a successful negotiation is bittersweet. Paying a ransom, after all, doesn’t just make the problem go away—it can also fund future attacks, perpetuating the cycle.

Surprising Aspects of the Job: More Than Just Haggling

While the essence of the job is negotiation, the reality is that ransomware negotiators do much more than just talk numbers. They are crisis managers, often dealing with companies at their most vulnerable. Part of the job involves calming down panicked executives, explaining complex technical details to people who don’t speak “geek,” and sometimes even playing the role of an ad-hoc therapist. One negotiator might spend their morning haggling with a hacker in Eastern Europe and their afternoon explaining the concept of Bitcoin wallets to a CFO who still thinks cryptocurrency is Monopoly money.

Another surprising aspect is the ethical tightrope that negotiators must walk. There’s always the question of whether to pay or not to pay, a moral dilemma that’s about as clear-cut as a foggy morning. On one hand, paying the ransom might be the quickest way to get a company back on track. On the other hand, it’s essentially funding criminal activity. Negotiators often find themselves in the unenviable position of having to recommend the lesser of two evils, knowing that whichever path they choose, someone is going to be unhappy.

Then there’s the psychology of it all. Negotiators need to understand the mindset of the attackers. These aren’t your average criminals—they’re often highly organized and operating as part of a professional syndicate. Some even have customer support teams (yes, really) to ensure that their “clients” can navigate the payment process smoothly. Negotiators must be adept at reading between the lines, recognizing bluff from bluster, and figuring out what really motivates their counterparts.

The Final Word: A Job Like No Other

Ransomware negotiation isn’t a job for the faint of heart. It’s stressful, unpredictable, and often frustrating. But for those who thrive in high-pressure situations, it can be incredibly rewarding. There’s a certain satisfaction in outmaneuvering a criminal and helping a company recover from what could have been a devastating blow.

So, next time you think your job is stressful, spare a thought for the ransomware negotiators. They’re the unsung heroes (or antiheroes, depending on your perspective) of the digital age, navigating the murky waters of cybercrime with a steady hand and a sharp mind. And who knows—maybe one day, they’ll get their own action movie. After all, “Die Hard: Ransomware Edition” has a certain ring to it, doesn’t it?

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.。

Ultimate macOS Security: Leveraging Scalefusion for Maximum Protection

It’s undeniable that our devices are extensions of our daily lives and therefore securing them is the utmost need. As Antoine de Saint-Exupéry wisely noted, ‘A goal without a plan is just a wish.’ This sentiment holds profound meaning for macOS security. Since 2018, there has been a startling 400% rise in malware threats targeting macOS systems, emphasizing the need for protection. [1]

macOS Security Features
macOS Security

Your MacBook or iMac is no longer just a tool but a trusted helping guide in your work and personal life. Protecting it goes beyond shielding data; it’s about safeguarding your productivity and peace of mind. Scalefusion UEM, with its macOS management capabilities, helps businesses by confidently defending their digital assets, making sure that every click and keystroke of Macs remains secure against the backdrop of evolving security threats.

Securing macOS Devices with Scalefusion Endpoint Management

Scalefusion’s endpoint management for macOS devices addresses diverse use cases while making security a cornerstone of device management. By enforcing security policies, Scalefusion ensures that all macOS devices comply with corporate security standards, reducing the risk of unauthorized access and data breaches.  

macOS Security Features Scalefusion Offers

1. FileVault Management

FileVault is  Apple’s built-in disk encryption technology for macOS, which encrypts the entire hard drive on your Mac, protecting all data stored on the disk. This ensures that even if someone gains unauthorized access to your Mac, they won’t be able to access your data without the FileVault password. 

Scalefusion simplifies FileVault management by enabling admins to activate Full Disk Encryption (FDE) with just a few clicks.  This includes configuring institutional recovery keys for secure disk decryption and recovery purposes, essential for maintaining data accessibility and compliance with regulatory requirements. By prompting users to enable FileVault and setting maximum login bypass attempts, Scalefusion enhances security protocols without compromising user experience or device performance.

2. Gatekeeper Management

Scalefusion integrates support for Apple’s Gatekeeper feature, empowering admins to enforce secure application policies on macOS devices. With Scalefusion, admins can easily configure and manage Gatekeeper settings to ensure only trusted applications are installed and executed:

  • Configure Gatekeeper Settings: Admins can select predefined Gatekeeper settings, such as allowing apps from the Mac App Store, identified developers, or all applications.
  • Prevent User Override: Scalefusion enables IT admins to enforce policies that prevent users from bypassing Gatekeeper settings, ensuring adherence to organizational security standards.
  • Enhance Application Security: By leveraging Scalefusion’s intuitive dashboard, businesses can maintain a secure computing environment while facilitating necessary application access for users.

3. Firewall 

Firewall management capabilities empower IT admins to protect devices from unauthorized network access. Scalefusion simplifies Firewall management by enabling IT admins to:

  • Enable Firewall: Activate Firewall to monitor and control network traffic based on predefined rules.
  • Block All Incoming Connections: Implement strict security measures by blocking all incoming connections, minimizing potential risks.
  • Enable Stealth Mode: Enhance security by making macOS devices invisible to unauthorized network scans with Stealth Mode.

4. Certificate Management

Certificate management is important for authentication on macOS devices. By managing digital certificates, organizations can establish trusted connections, encrypt data, and authenticate users and devices, resulting in overall security enhancement.

Scalefusion simplifies certificate management by allowing IT admins to deploy various types of certificates:

  • SSL/TLS Certificates: Ensure secure communication between macOS devices and network servers.
  • SCEP Certificates: Facilitate scalable and secure issuance of certificates to network devices.
  • Client Certificates: Authenticate devices or users, restricting access to networks or applications to authorized entities only.

Additionally, Scalefusion enables IT admins to:

  • Manage Certificate Lifecycle: Handle the issuance, renewal, and revocation of certificates, ensuring continuous security compliance.
  • Centralized Management: Monitor and manage certificates across macOS devices from a single dashboard.

5. Peripheral Control

Peripheral control is vital for preventing unofficial devices from connecting to macOS and mitigating security risks such as data leakage and unauthorized access. By managing peripheral connections, businesses can ensure that only authorized devices are used.

Scalefusion empowers IT admins to enforce peripheral control by enabling or disabling specific settings and functionalities. This includes:

Restrict Items in System Preferences:

  • Network: Control network settings to prevent unapproved access.
  • Bluetooth: Disable Bluetooth to block untrusted device connections.
  • Printer & Scanner: Restrict usage to approved devices only.
  • CDs & DVDs: Prevent data transfer via optical media.
  • USB Devices: Block unauthorized USB devices to prevent data theft.
  • External Storage Devices: Restrict the use of external drives to secure data integrity.
  • Siri & Dictation: Restrict settings to control access for improved security.

6. Authentication and Authorization

Restricting Apple ID: Ensures that only authorized personnel can sign in to prevent unauthorized use of corporate-owned devices. By managing Apple IDs, Scalefusion helps keep corporate data safe, ensuring that only the right people can access sensitive information and resources.

OneIdP: Scalefusion’s OneIdP feature simplifies authentication and authorization by providing a unified identity management system. This makes login processes easier and more secure, allowing users to access multiple applications with a single set of credentials.

7. App and Content Management

Managing apps and content is necessary so that macOS devices are not prey to phishing attacks and security breaches. By controlling which apps and content are accessible, businesses can prevent the use of malicious software, reduce security risks, and comply with regulatory standards.

Scalefusion offers the following features for app and content management:

  • Application management: Makes sure only trusted software is installed and used.
  • Content Filtering: Restricts access to inappropriate or harmful content.
  • Third-Party App Patching: Keeps third-party applications up-to-date with the latest security patches, reducing vulnerabilities and ensuring compliance.

8. OS Updates and Patches

Timely OS updates and patches are critical for maintaining macOS security, as they fix vulnerabilities and enhance protection against threats. Scalefusion automates and manages macOS updates and patches to ensure devices are always up-to-date with the latest security fixes. This includes:

  • Automated Updates: Schedule and deploy updates to ensure timely application.
  • Patch Management: Monitor and manage patch status across all devices.
  • Compliance Assurance: Ensure all devices comply with the latest security standards.

Protect Your Digital Assets with Scalefusion UEM

Secure your macOS devices with comprehensive security features that protect your digital assets. Experience the peace of mind that comes with knowing your devices are protected against threats. From managing updates and controlling apps to enforcing encryption, Scalefusion has you covered. 

Contact our experts today and take the first step towards a more secure and compliant macOS environment. Start a 14-day free trial now!

Reference:

  1. QA

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Scalefusion
Scalefusion’s company DNA is built on the foundation of providing world-class customer service and making endpoint management simple and effortless for businesses globally. We prioritize the needs and feedback of our customers, making sure that they are at the forefront of all decision-making processes. We are dedicated to providing comprehensive customer support services, and place emphasis on customer-centric thinking throughout the organization.

The Evolution of IT Security Compliance in the Age of GenAI

Just when we thought we had seen it all—from phishing schemes that could fool even the most paranoid, to ransomware attacks that would make your average Bond villain blush—along comes Generative AI (GenAI). If you’ve ever played with one of those AI tools that can write poems, paint portraits, or even generate code snippets, you might have thought, “This is cool!” Well, so did the cybercriminals. And not in a good way.

Welcome to the new frontier of cybersecurity, where GenAI is the latest weapon in the hacker’s arsenal, and conversely, the new shield for those on the defense. It’s a cat-and-mouse game where both the cat and the mouse have just discovered rocket boosters. As we dive into this brave new world, let’s take a look at how IT security compliance is evolving, and where it’s headed.

GenAI: The Cybercriminal’s New Favorite Toy

Remember when hacking used to involve a hoodie, a dark room, and endless lines of code? Those were the good old days. Now, with GenAI, the barrier to entry has lowered significantly. Today’s cybercriminals can deploy AI tools to generate convincing phishing emails, automate the creation of malware, and even simulate entire social engineering scenarios with frightening accuracy.

Take, for example, deepfakes—those AI-generated videos that can make it seem like anyone is saying or doing anything. A little creepy, right? Now imagine a cybercriminal using that technology to impersonate a company’s CEO in a video message, instructing employees to transfer funds or divulge sensitive information. Suddenly, that phishy email from a “Nigerian prince” seems downright quaint.

GenAI can also be weaponized to exploit zero-day vulnerabilities more efficiently. By analyzing vast amounts of data at an astonishing speed, AI can identify weaknesses in systems before they are widely known and patchable. And once those vulnerabilities are found, GenAI can help create and deploy exploits faster than you can say, “Didn’t we just update the firewall?”

Cybersecurity: Fighting Fire with Fire

But all is not lost—cybersecurity companies have their own GenAI tricks up their sleeves. In fact, the same technology that’s making hackers more formidable is also giving the good guys some powerful new tools.

One of the key ways AI is being infused into cybersecurity is through predictive analytics. By analyzing patterns and trends in vast amounts of data, AI can predict potential threats before they even happen. It’s like having a crystal ball, but instead of foretelling who’s going to win the next reality TV show, it’s predicting the next big ransomware attack.

GenAI is also being used to enhance threat detection. Traditional security systems often rely on signatures—known patterns of malicious activity—to identify threats. The problem? Signatures can only detect what they already know, making them useless against new, unknown threats. Enter AI, which can analyze behaviors rather than just signatures, allowing it to identify anomalies that might indicate a cyberattack in progress, even if it’s something the system has never seen before.

And let’s not forget about response times. In the high-stakes world of cybersecurity, every second counts. AI-powered systems can respond to threats in real-time, automatically shutting down attacks as they happen and minimizing damage. It’s the digital equivalent of having an elite SWAT team on standby, ready to storm in and neutralize the threat before anyone even realizes there’s a problem.

IT Security Compliance: Playing Catch-Up

With all this innovation in the cybersecurity landscape, you might think that IT security compliance standards would be sprinting to keep up. Unfortunately, it’s more of a brisk walk. Compliance frameworks, by nature, tend to be reactive rather than proactive. They’re the rules and regulations designed to ensure that organizations maintain a certain level of security, often dictated by what’s come before rather than what’s coming next.

However, the rise of GenAI is forcing a reevaluation. Compliance standards are beginning to recognize that traditional check-the-box approaches are no longer sufficient. It’s not enough to have firewalls, antivirus software, and regular updates. Organizations now need to demonstrate that they’re using advanced, AI-driven tools to proactively identify and mitigate risks.

Moreover, compliance is increasingly focusing on data governance—how organizations manage and protect the data they collect. With GenAI capable of analyzing and generating data on an unprecedented scale, the potential for misuse is staggering. New regulations are emerging that require organizations to not only secure their data but to do so in ways that account for the unique challenges posed by AI technologies.

Another key area where compliance is evolving is in the realm of AI ethics. As organizations deploy their own AI tools, they must ensure that these tools are used responsibly. This includes everything from preventing AI from making biased decisions to ensuring that AI-generated content is accurate and not misleading. In other words, it’s not just about using AI—it’s about using it in a way that’s fair, transparent, and ethical.

The Road Ahead: Where Do We Go From Here?

So, where does IT security compliance go from here? If the past few years are any indication, we’re in for a wild ride.

First, we can expect to see more dynamic and flexible compliance standards. Instead of rigid rules that are updated every few years, we’ll likely see frameworks that are designed to evolve in real-time, incorporating the latest AI technologies and threat intelligence as they emerge. This will require closer collaboration between regulatory bodies, cybersecurity experts, and organizations themselves.

Second, we’ll see a greater emphasis on continuous monitoring and assessment. Rather than relying on periodic audits, organizations will need to demonstrate ongoing compliance through real-time reporting and automated assessments. This is where AI can once again play a key role, enabling continuous monitoring of systems and generating compliance reports automatically.

Finally, as AI continues to evolve, we’ll likely see new forms of compliance emerge that focus specifically on AI governance. This could include everything from ensuring that AI systems are transparent and explainable to implementing safeguards that prevent AI from being used for malicious purposes. In essence, we’ll need compliance frameworks that are as smart and adaptive as the AI technologies they’re designed to regulate.

Welcome to the AI-Powered IT Security Compliance Future

The integration of GenAI into both cybercriminal tactics and cybersecurity defenses marks a new chapter in the ongoing battle between good and evil in the digital realm. While the challenges are significant, so too are the opportunities. As IT security compliance evolves to meet these new realities, organizations will need to be more agile, more proactive, and more innovative than ever before.

So, buckle up. The future of IT security compliance is going to be anything but boring. And if nothing else, it’s a great excuse to finally upgrade that ancient firewall. After all, in the age of AI, you never know when a deepfake CEO might drop by with some “urgent” instructions.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.。

Our Top Tips for Secure Video Conferencing

What is video conferencing software?

In basic terms, video conferencing software allows multiple users to hold live video and audio meetings online, making it feel like they’re having a face-to-face conversation even though they’re not in the same room. It usually includes handy features like screen sharing, chat, and file sharing to ensure efficient and secure video teleconferencing. It’s commonly used for work-related virtual meetings and online classes.

Cybersecurity risks in video conferencing

At the beginning of April, Zoom, one of the most popular video conferencing services, had a ton of security-related problems. Most of them revolved around poor encryption and data protection.

Zoom always stated that it offers end-to-end encryption. However, it turned out to be far from the truth. It only encrypts data in transit, and to make matters worse, the developers have encryption keys that allow Zoom to decrypt its users’ data.

Another problem Zoom had to deal with was so prominent it even has its own name — zoombombing. It’s a type of photobombing where hackers and regular internet trolls would get into people’s video conferences and post malicious links, pornographic images, or use obscene language.

Weak encryption combined with bugs in some of Zoom’s apps also led to 500,000 of its users’ credentials ending up for sale on the dark web. It doesn’t help that Zoom is known to collect and sell users’ data to third parties — without informing them about it.

Even though Zoom was quick to react and patch most of these vulnerabilities, new exploits are likely to arise all the time — both in Zoom and other video chat services. Therefore, you should always keep tabs on the latest cybersecurity news. Otherwise, you risk your private conversations, passwords, and business secrets ending up online.

What you can do to protect yourself

  1. Make sure to install the newest version of the app the moment it’s available. Updates include security patches that are vital if you want to stay safe online.

  2. Never share the meeting link or ID publicly — send it to the people participating in the call only. If your app allows it, set a password for your meeting. Need help with creating a strong password? Try our password generator.

  3. Utilize other features your video conference app offers. Some have a virtual waiting room where you can approve every person. Others allow you to disable participant’s cameras and microphones and even kick them out. Learn about all the features of your secure video conferencing software and how to use them to stay safe.

  4. Never accept video conference invites from people you don’t know. It might be a scam or a catfishing attempt, so it’s best to stay away from people you don’t know.

  5. Always be mindful of what you say and show during a video call. Remember, everything can be recorded, and you never know where it will end up. So, don’t share any information that’s too personal or sensitive. Look for safer methods to discuss business secrets.

  6. Even though many video conferencing apps offer encrypted video calls, you should still take additional safety measures and do some research. Make sure they don’t have any known vulnerabilities, the encryption protocols they use are bulletproof, and your own device is not infected with malware. If someone has control over your computer or phone, they will be able to listen in on your calls even with end-to-end encryption. Scan your devices regularly to make sure they are safe to use.

  7. Be careful with apps you never heard of. Only download them from official app stores, and always check whether the developer is trustworthy before installing it. Hackers are known to create fake versions of popular secure video conferencing software that infect your phone with malware.

  8. Usage of various video conferencing platforms is skyrocketing, and cybercriminals have their eyes set on them. Therefore, never reuse passwords, change them regularly, and come up with strong, complex passwords for your most sensitive accounts. If you need help remembering them — use a password manager to store them all safely.

  9. Use Health Insurance Portability and Accountability Act (HIPAA) compliant video conferencing software to ensure the safe handling of sensitive health information. Considering that sometimes employees need to share their health data with people in other departments (e.g. HR), you should create a safe virtual environment where they can do that without worrying about security.

  10. Make GDPR compliance a top priority to confidently use video conferencing tools while keeping data protection standards high. This approach will help you avoid fines and legal issues for failing to comply with GDPR regulations. Plus, remember that adopting GDPR-secure video conferencing practices is a way to not only protect your participants’ privacy but also enhance trust and credibility.

  11. Use only strong passwords, that is combinations of letters, numbers, and symbols that are complex and unique enough to prevent cybercriminals or malicious machines from identifying them. Also, you should implement two-factor authentication to increase the level of cybersecurity at your company. With two-factor authentication, employees must provide more than just their password to log in to your company applications or access company data. This means, for example, that they will be sent a verification code via email or SMS, or asked to use their biometrics to confirm their identity

 

CISA guide for securing video conferencing

The Cybersecurity and Infrastructure Security Agency (CISA), an agency of the US Department of Homeland Security, has released a guide on how to carry out video conferences in a secure way. In essence, CISA has come up with four tips that, when followed, can help you safely connect with others over a video chat. They are:

Make your network secure — Set up your router to use WPA2 or WPA3 wireless encryption standard, and create strong passwords for both the router and your Wi-Fi network.

Control access to your video conferencing software — Create strict policies, processes, and procedures so that only the right people can use your video conferencing software.

Create a secure environment for file and screen sharing — establish secure rules regarding the types of files that can be shared during a video conference. Also, if you want to make a recording of the meeting, let all participants know about that.

Use only the latest versions of your applications — enable automatic updates and follow a patch management policy to make sure your applications are up-to-date and as secure as they can be.

Most Secure Video Conferencing Software

Here are what we consider to be the best video conference tools available on the market today. They are:

ZoHo Meeting – a video conferencing platform that not only provides all the communication features needed to connect with other team members, but it also encrypts all audio, video, and screen sharing to make sure all information – both personal and business – is safe and sound. Using ZoHo Meeting, you can easily record your meeting and share it with the people you trust. Plus, as a host, you can “lock” the meetings so that they are fully private. This means you are in full control of who can join the meeting and be able to add/remove participants at any time.

Microsoft Teams – probably one of the most popular video conferencing tools available on the market, Microsoft Teams is a secure video conferencing service that comes with a wide range of features that can help you set up and carry out video conferences with ease. Not only does it allow you to connect with up to 10.000 people at once for a live event, but it also enables you to go from a group chat to a video conference with the press of just one button. This is convenience at its highest.

Pexip — a video conferencing tool that makes security one of its highest priorities. With Pexip, you can set up PIN-protected virtual meeting rooms that allow you to keep communication private. As a host, you can see all participants taking part in the meeting and thus be sure that no eavesdropping is attempted. If you are looking for a secure video conferencing platform, you should give Pexip a go.

Google Meet – a video conferencing service developed by Google that allows users to host and join virtual meetings. It offers features like screen sharing, real-time captions, and integration with Google Workspace tools, making it ideal for both personal and professional use. Users can engage in encrypted video conferencing through a web browser or mobile app without being required to install any additional software.

Zoom – another highly popular video conferencing platform that lets users set up virtual meetings, webinars, and online events. Offering features like screen sharing, breakout rooms, and virtual backgrounds, it provides functionality for both personal and professional needs. By allowing users to join meetings via a web browser, desktop application, or mobile app, Zoom makes video conferencing an enjoyable experience anywhere, anytime.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About NordPass
NordPass is developed by Nord Security, a company leading the global market of cybersecurity products.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

×

Hello!

Click one of our contacts below to chat on WhatsApp

Social Chat is free, download and try it now here!

×