
Saturday, April 18, 2020

10 Ways to secure Zoom

It was widely reported that the popular Zoom app was not secure to use. Zoom has released patches to secure its software. Having said that, you can take additional measures to protect yourself while using Zoom.

1. Use a Unique ID for Large or Public Zoom Calls

When you schedule a Zoom meeting, look for the Meeting ID options and choose to Generate Automatically. Doing so plugs up one of the biggest holes that Zoom-bombers can exploit.

2. Require a Meeting Password

One way to protect the meeting is to require a password. You can give the password out only to those who have replied and seem credible. To password-protect a meeting, start by scheduling a meeting and checking the box next to Require a meeting password.

3. Create a Waiting Room

When participants log into the call, they see a Waiting Room screen until the host lets them in. You can let people in all at once or one at a time, which means if you see names you don’t recognize in the Waiting Room, you don’t have to let them in at all.

4. Only the Hosts Should Share Their Screen

Make sure your settings indicate that the only people allowed to share their screens are hosts. You can enable this setting in advance as well as during a call.

5. Create an Invite-Only Meeting

The only people who can join the call are those you invited, and they must sign in using the same email address you used to invite them.

6. Lock a Meeting Once It Starts

While the meeting is running, navigate to the bottom of the screen and click Manage Participants. The Participants panel will open. At the bottom, choose More > Lock Meeting.

7. Kick Someone Out or Put Them on Hold

During the call, go to the participants' panel on the right. Hover over the name of the person you want to boot and when options appear, choose Remove.

8. Disable Someone’s Camera

If someone is being rude or inappropriate on video, the host can open the Participants panel and click on the video camera icon next to the person’s name.

9. Prevent Animated GIFs and Other Files in the Chat

In the chat area of a Zoom meeting, participants can share files, including images and animated GIFs – if you let them.

10. Disable Private Chat

Open Settings in the Zoom web app (it’s not in the desktop app). On the left side, go to Personal > Settings. Then click In Meeting (Basic). Scroll until you see Private chat. When the button is gray, it’s disabled.

Thursday, July 19, 2018

IT Security - How to Spot a Phishing Email - Part 2

You received an email from someone claiming that your office email is BLACKLISTED and requiring you to click a button to confirm. Is this for real?


STOP. Don't click. First, read the lines. Email service providers (the hosting companies) do not simply blacklist your email account. That job is done by your email Administrator (usually someone from your IT Department).

Secondly, if you are a normal email user, there is absolutely no reason for your email account to be marked as a problematic account, unless you have been using it to spam other people.

Next, hover your mouse over the Confirm button and observe the link. The above example shows a link that points to "primausaha.net". Does the URL sound familiar to you? If NO, then it is obviously a scam: a phishing email trying to lure you to their site and probably get you to reveal some sensitive information (e.g. ID/password, credit card number).

No further action should be taken on your part other than to delete the email and report the matter to your IT Department.

Even if your email account is suspended, the email Administrator will contact you directly. So it doesn't make any sense to receive an email from a stranger.

Your IT Department will then investigate to confirm the URL from the email. The image below shows the result. The URL is a dangerous site.


On a side note, it is also beneficial to install a Firewall to protect your local network. You may contact us for further details on IT Security.



Related links:

IT Security - How to Spot a Phishing Email - Part 1

Tuesday, October 24, 2017

IT Security - How to Spot a Phishing Email

Phishing is a type of online scam used by fraudsters to access valuable online personal information, e.g. usernames and passwords. These can be of huge monetary value to criminals.

Phishing can take the form of emails containing website links or malicious attachments. Cybercriminals send bogus emails, instant messages, text messages – even letters – to lure their victims in. These communications can often, at first glance, appear to be authentic communications from legitimate organisations. Links embedded within an email can take you to a spoof website where your login details may be requested, stored, and ultimately misused. You also run the risk of your computer or smartphone being infected by viruses.

Once these cybercriminals have access to your personal details, they use this information to commit fraudulent activity such as bank fraud and identity theft.

Spear phishing

Spear phishing takes a more sophisticated approach. It aims to win the trust of a victim through personalized messages which appear to come from a trusted source with the aim of eliciting sensitive information to derive some form of financial gain.

As with email communications used in regular phishing expeditions, spear phishing messages are designed to look like they come from a trusted source, such as a trusted website (classic examples being eBay or Paypal). In the case of spear-phishing, however, the fraudster is likely to be someone known to the recipient, or their company.

How to spot a phishing email
















What can you do to protect yourself from a phishing scam?

There are a number of steps we recommend you adopt to protect yourself from this ever-growing form of cybercrime:

  • Be proactive. Where personal information is requested by email/phone, never give it. Where telephone numbers/links are provided in these communications, don’t use them. Contact the organisation through their official website (look out for the “https” prefix, indicating it is secure), or listed telephone number to verify the communication is legitimate.
  • Ensure your anti-virus software is up-to-date and enable your spam filter. If you are suspicious of an email, mark it as spam and delete it. This prevents future messages reaching your inbox.
  • Beware of unknown sources. Don’t click on links featured in emails sent to you by a source you don’t know (and even if they’re purported to be from one that you do, be on your guard).
  • Remember that your bank will never contact you via email asking for sensitive information such as passwords.


Recommended reading:
IT Security - Email Security Awareness

Monday, October 23, 2017

IT Security - Email Security Awareness

A colleague requested that we have some form of IT security awareness program. So to kick-start it, the first article on this topic will be centered on Email Security.

Security Awareness

Security awareness is simply knowledge of potential threats. It is the advantage of knowing what types of threats and security issues, and how many incidents, our organization may face in day-to-day operation. It's not possible to ensure 100% security through technology unless staff are provided with adequate information security awareness. Personal responsibility is the key to the success of any information security program.

Why Information Security

Information is a valuable asset for all kinds of business. More and more information-related crimes are happening. Information leakage and damage will impact the business. With regard to online information, the Internet allows an attacker to attack from anywhere. Malicious code from an email, a web page or a file on a USB drive can infect the entire organization. A breach is often the result of a simple mistake (or lack of awareness).


Rules to Stay Safe Online


  • Rule #1. Stop, Look, Think! Use that delete key.
  • Rule #2. Do I spot a Red Flag? Verify suspicious email with the sender via a different medium (e.g. personal call, messaging).
  • Rule #3. When in doubt, throw it out.


End User Email Security Best Practices 

There are also some important best practices that end users should follow to ensure secure email usage. Arming your employees with the know-how to avoid risky behaviors can make a substantial impact on your company’s ability to reduce risks associated with email. Email security best practices for end users/employees include:


  • Never open attachments or click on links in email messages from unknown senders.
  • Change passwords often and use best practices for creating strong passwords.
  • Never share passwords with anyone, including co-workers.
  • Try to send as little sensitive information as possible via email, and send sensitive information only to recipients who require it.
  • Use spam filters and anti-virus software. We know that you're busy but if a technician from Pasti Nyala came over to perform routine maintenance, do allow them to do their job.
  • If you receive suspicious emails from a co-worker, do verify with them. This will alert them to a possible breach of their email account.
  • When working remotely or on a personal device, use VPN software to access corporate email.
  • Avoid accessing company email from public wi-fi connections.


Countermeasures

Countermeasures can take the form of software, hardware and modes of behavior. Behavioral countermeasures include:

  • frequent deletion of stored cookies and temporary files from Web browsers
  • regular scanning for viruses and other malware
  • regular installation of updates and patches for operating systems. Let a Pasti Nyala technician handle this for you.
  • refusing to click on links that appear within e-mail messages
  • refraining from opening e-mail messages and attachments from unknown senders
  • staying away from questionable Web sites
  • regularly backing up data on external media.


Email Jargon

Spam email or Junk email is a form of commercial advertising which is economically viable because email is a very cost-effective medium for the sender. If just a fraction of the recipients of a spam message purchase the advertised product, the spammers are making money and the spam problem is perpetuated.

Phishing is when a scammer uses fraudulent emails or texts, or copycat websites to get you to share valuable personal information – such as bank account numbers, credit card numbers, or your login IDs and passwords. Scammers use your information to steal your money or your identity or both.

Scammers also use phishing emails to get access to your computer or network; then they install programs like ransomware that can lock you out of important files on your computer.


Phishing scammers lure their targets into a false sense of security by spoofing the familiar, trusted logos of established, legitimate companies. Or they pretend to be a friend or family member.

















GMAIL - Last Account Activity

If you are a user of GMAIL, open your mailbox and scroll to the bottom. On the right side, there is information on your Last Account Activity. Click Details to show the historical access to your mailbox. Perform this task occasionally and report an incident if you notice something abnormal about your activities, as someone else might be trying to hijack your email account.





















Lastly, do report any abnormality or incident to our IT Support or email RWS directly so we can investigate and take corrective measures.