Today, as we speak about ADR (Alternate Dispute Resolution), which refers to the set of methods that help parties settle their conflicts outside the court, we see the changed patterns of operation of such processes. Due to the COVID 19 pandemic our world was shifted online including the dispute resolution system. To our amaze even court trials were happening online, live streaming of Gujarat high court hearings on YouTube is one such prominent case. The increase in video conferencing use during these difficult times shows us the power of community and being digitally linked while the entire planet is enduring repressive movements to curb the spread of the COVID 19 virus. ADR sessions were also held electronically throughout the lockdown, where confidentiality and transparency are the primary pillars, and in those situations, proper cyber hygiene is of paramount importance in keeping out unwelcome guests, shielding the client and counsel as well, and also preserving confidentiality.
Without paying much regard to the security settings of these sites, there has been a mass adaptation to online platforms. Hence, the path for cyber attackers to take advantage of vulnerabilities for malicious reasons has been paved. This challenge should be addressed by all law firms/arbitration centres or any private company with a risk-based approach. Following are the general cyber risks that one might face while attending or conducting a video conference.
- Meeting Bombing:An uninvited attacker enters the meeting either to eavesdrop on the conversation or to obstruct the meeting, which hampers the meeting’s secrecy. It typically occurs where there is no password for the meeting or the intruder guesses the password or meeting ID. The Zoom bombing phenomenon recently came into view with the increase in the use of the video conferencing app.
- Malicious Links: An attacker can post a malicious link in the chat box once they are inside the meeting. Typically, such links are a Trojan horse where one click on the link can lead to your system getting infected with malware. Suppose an attorney clicks on such a link, and the intruder can almost reach and manipulate virtually everything in the attorney’s system because of this malware.
- Data theft and trading:If the intruder is inside the device, the private and valuable data contained on the individual system can be quickly stolen, and it becomes possible for the virus to propagate from one system to all other linked networks due to peer-to-peer sharing. Therefore, stealing data now seems like an attacker’s cakewalk, and he can sell all the important information which might consist of confidential information.
POSSIBLE SOLUTIONS –
The list of possible threats is not exhaustive. So, instead of concentrating mostly on the danger aspect, we should also pay attention to the general cybersecurity tips that should be followed for a safe, confidential, and private meeting without some espionage lurking in the meetings which would certainly be a nightmare for both the protection of the association and the privacy of the client. Following are some measures that can be followed for intrusion free online ADR session.
- Password for all meetings: An alphanumeric password or at least a meeting ID is of utter significance for an online meeting. No matter what the topic of the meeting is, do not repeat room names. Crafty criminals can quickly guess room names and ID using the war dialing method (a technique used to guess the room, ID) with a bit of social engineering. Trespassing a meeting is not very difficult. It is also not recommended that the meeting ID is shared with others or on any social forum until and unless the meeting is open for all.
- Control and access the admission:Admissions should be controlled by the host of the meeting. The host should handle those requesting to participate and question unknown participants before beginning the meeting and can use the waiting room feature. If necessary, take roll calls to prevent any uninvited intrusion into the private meeting. Make sure not to provide any important personal details in your meeting invite.
- Keep a watch on participants: Keep an eye on participants dialing in from unfamiliar phone numbers or email IDs. Ask them to verify their identities and, if they fail to do so, remove them from the call. Check if passwords are enforced by the video conference application. Rather than dialing into the conference bridge. Enter meetings wherever possible using VoIP or PC audio, since this medium may be encrypted, although telephone calls are not encrypted.
- Is sharing required? : avoid file-sharing in the chat box instead, use emails or other platform ways to share documents. If there is an attacker inside the meeting at least he will not have access to the documents.
- Record only if necessary: make the provision by which only the host can record the meeting or at least set up a notification if someone tries to record the meetings. If your meeting recordings are stored in a cloud you should be aware that cloud backup is not always encrypted, and this creates a loophole for the attacker
- If not necessary, switch off the camera: turning off the camera while not in use will also deter potential interference and it will also consume less network bandwidth. It is, therefore, possible to experience improved communication.
- Be vigilant: Make sure that no pop-up call, alerts or emails are visible. Unwanted notifications create a distraction and also your personal information is visible to everyone attending the meeting. Switch off all notifications if possible.
- Work environment: Make sure there is no sensitive information in your background frame or you can use another background effect if you have something in your background. Just the primary tab you are working on should be opened while sharing your computer to ensure that no irrelevant data or other personal information is shared.
- Purchase commercial software: Do not be miser, buy the app’s paid version for maximum reliability,be sure to upgrade the app with the new version as the old version would leave the device vulnerable to attacks. Also, confirm if the latest version is installed for the attendees. Be sure whether end-to-end encryption protection is offered by the app you use.
- Be mindful of the phishing scam: Avoid clicking on any suspicious link in the chat box or on a meeting invite if you were not expecting it. If you are not sure of the destination do not click on the link as it could lead to installing the malware in the system, just hover your mouse on the link so that you can see the destination on the left bottom corner of your screen. These links will take you to a corny website and infect your device.
- Question the permissions: reviewing the permissions you grant to these 3rd party applications becomes imperative. Are these permissions appropriate for the functioning of the app? Zoom app is a very popular example. The app enjoyed instant stardom, but now faces a huge challenge to privacy and protection as the default settings of the platform are not secure enough
- Report: This is the solution that is most overlooked on any platform. Inform the developers if you find any unusual activities occurring during your call. If any bugs are found will be fixed. Check all the parameters, since certain applications do not encrypt the video by default, only texts are encrypted unless otherwise enabled
- Antivirus: High-quality antivirus offers a full protection package that contains antivirus, anti-malware, anti-ransomware, virtual private network, etc., which helps to protect the device in general.
As each platform has its own characteristics and configurations that can be changed, hence this list cannot be exhaustive. Know the software well and strive to integrate all the security features. When it comes to technology, there is no doubt that people crave convenience. They try to use free, or simple applications but note that in this world nothing is free, if it’s free then you are the product. Your privacy is at stake. Pick the product carefully.
AUTHOR – BHUMISHA LODAYA