Businesses of all sizes are rushing to respond to the COVID-19 pandemic, making use of new tools and ways of working to limit the impact of global lockdowns, calls for remote working, and quarantined staff. Many have begun to use virtual meeting software to move their meetings online.
Virtual meetings are a great tool to optimize remote work, allowing critical business functions to continue despite the current crisis. However, remote meetings also represent a source of cybersecurity risk for businesses.
One of the most common forms of attack against virtual meeting software is a “brute force” attack, and businesses should be aware of how to protect themselves. In this article, we’ll show you how to do that
What is a Brute Force Attack?
First, some basic definitions. Brute force attacks are one of the most common cyber attacks, partially because they are so simple to execute. In this form of attack, a hacker will simply try and guess the passwords used by your staff to access remote meetings.
This simple description belies the complexity of some brute force attacks, however. Hackers can make use of freely available tools that allow them to guess thousands of passwords a second, for instance.
They can also use phishing emails to extract information from staff that makes guessing passwords much easier. It’s also worth recognizing that a hacker doesn’t need to get into your virtual meeting software in order to spy on you: instead, they can hack webcams that will allow them to see everything that is happening.
The Dangers of Brute Force Attacks
Once an attacker has compromised a virtual meeting, they can steal sensitive information from businesses. The most obviously sensitive type of data are financial details, but the average virtual meeting will also contain other forms of data that are equally valuable to hackers.
This information can include personal details of staff that make further attacks easier, or even commercially sensitive information that can later be used to blackmail a company. After intruding on a virtual meeting, a hacker can also threaten to release information on the financial situation of your company. This is why taking action to secure your virtual meetings is so critical.
If anything, brute force attacks are a far more significant threat than they ever have been before. The United States has seen major economic growth over the last few years, with the unemployment rate falling below 4% and total disposable personal income rising to its highest levels ever at over $100 billion. The COVID-19 outbreak has made hackers only more eager to take advantage of the situation, to the point that personal or business data is even more at risk as people work from home.
How To Prevent Brute Force Login Attacks
When it comes to preventing brute force attacks on your virtual meetings, you need to look far beyond the security of your virtual meeting software. This is because a successful attack against any part of your IT infrastructure can give hackers access to information that makes a brute force attack far easier, and far more likely.
For most businesses, this means ensuring your website is hack proof, since your website is by far the most exposed part of your systems. The best web hosts will provide you with the tools to do this, but you should also apply the following tips across all of your systems:
- Choose Strong Passwords
The first and most important way to prevent brute force attacks, whether on your virtual meeting software or any other system, is to simply use strong passwords. You should avoid passwords that contain personal information – such as birthdays or pet names – because this information is easily skimmed by hackers from social media profiles.
You should also ensure that you use a unique password for every account you own, and that your staff are aware of the importance of using strong passwords. And while passwords are great for security, on their own they are simply not enough. That’s why you should also be keen to turn to other security measures as well, such as…
- Limit Logins to IP
If you have a little more technical knowledge, you can also limit the IP addresses that are able to login to your systems. This will limit access to your systems to a small number of locations, and can prevent botnet attacks.
Implementing this requires that your remote staff use a static IP address, and so you should teach them how to do this on their home networks. This can include configuring their home WiFi router to assign them a static IP, or – even better – using a VPN that offers a suitable IP.
- Account Lockouts
In order to further enhance the security of your virtual meeting software – or, in fact, any other system you use – you can also limit the number of login attempts allowed on these systems. This will prevent an attacker from trying thousands of different passwords.Limiting login attempts does not offer complete protection against brute force attacks, because more sophisticated hackers can make use of “botnets” to simulate login attempts from multiple locations. It does, however, make your systems just a little harder to crack, and often this is enough to defeat amateur attempts to break into them.
- Multi-Factor Authentication
Finally, a move to remote meetings should involve making use of the security functionality offered by your software vendors. Multi-factor authentication (MFA) has been offered as standard on many systems, including virtual meeting software, for many years now, but before the current crisis many firms have not made use of it.
MFA requires users to have access to a second device – typically their smartphone – in order to login to your systems. This means that, even if an attacker manages to guess a password using a brute force attack, they cannot use it to crash your virtual meetings. You can also use MFA to protect your VPN. While your VPN will already offer excellent protection by encrypting the information being exchanged with your business systems, requiring MFA access can serve as another critical layer of defense.
The Bottom Line
Moving to virtual meetings will undoubtedly pose some challenges for the average business. However, it can also serve as a learning opportunity to help protect and grow your business for 2020 and beyond.
In reality, the security precautions above should have been implemented by all businesses long ago, and so if the current crisis spurs you to improve your cybersecurity, it will at least have had one good outcome.