Zoom’s unprecedented explosion in usage has introduced new data security risks for teams and companies around the world. While these risks may not be novel for mature organizations already familiar with the risks of SaaS cloud tools, there are many that are facing these for the first time. Recognizing this, we’ve taken the time to implement detectors for Zoom meeting sharing within our Slack data loss prevention (DLP) platform. With Slack being another platform seeing higher than usual usage during this time, often in conjunction with Zoom, we believe this light but powerful addition to the Nightfall user’s toolkit can help organizations mitigate critical but overlooked avenues of data leakage risk.
In this post, we’ll briefly highlight some of the ways you can use our Zoom detectors to enforce your intended security policies and ensure your Zoom meetings remain secure, confidential, and available to those intended to join from within your organization.
Identify Zoom meetings or invitations shared in any context on Slack
With our Zoom detectors, you’ll be able to easily identify Zoom invitations in multiple contexts or formats. Whether a Slack member is sharing a meeting ID with or without a password, a Zoom link, or a Zoom invitation containing all of these details, Nightfall will be able to detect when and where this information is posted. From there, you can build out automated responses via workflows (which we cover below) or set up analytics to keep track of the Zoom meetings and invitations posted across your Slack channels.
Prohibit the sharing of Zoom meetings with passwords
While Zoom provides features like password protected meetings, in some cases these protections can be easily circumvented. For example, if a user shares a Zoom password with someone not intended to be in the meeting, unauthorized individuals can easily join. As a result, you may wish to enforce a policy that prohibits the sharing of Zoom invitations containing passwords outside of designated communication channels, like email or calendar invites. Using Nightfall’s workflow functionality, you can have our Slack bot automatically take action on Zoom links and invitations containing passwords.
Ensure that Zoom meetings aren’t shared broadly
It might make sense to enforce a policy that ensures that Zoom links aren’t shared in large public channels like #general. This prevents unintended audience members who could otherwise join in the background. For example, with Nightfall you can manually or automatically quarantine these Zoom meeting invites for review.
Educate users about the risks of Zoom meeting exposure
Having data security policies in place about how to handle Zoom links is a critical step for cloud security in today’s environment. However, educating users about these policies will prove to be just as important. Luckily Nightfall allows administrators and security teams to communicate with users who violate policies with automated custom messages. This means that a potential incident can be quickly turned into a learning moment, with admins able to link policy offenders to documentation and resources that can inform them of what they’ve done and why it matters.
With Zoom and Slack being some of the most high-use collaboration tools of the COVID-19 era, it’s important that organizations anticipate potential avenues of risk ahead of time. In addition to using DLP to identify opportunities for data leakage, hardening Slack workspace security is another important consideration your organization may need to take into account.
Nightfall is the industry’s first cloud-native data loss prevention solution built from the ground up to secure corporate cloud and cloud infrastructure. Nightfall discovers, classifies, and protects business-critical data in applications like Slack, Jira, Confluence, and more. With over 100+ sensitive data detectors, Nightfall is built to prevent data leakage in many common cloud use cases. To learn more schedule a demo with us below.