Some people do it during meetings. I do it myself if I don’t want to be seen during a meeting. Even FBI Director James Comey claims that he does it sometimes!
The Internet has been buzzing about the need to cover your webcam and microphones ever since Mark Zuckerberg, whose Twitter and Pinterest accounts were recently breached likely due to poor and weak password complexity security, was spotted with a taped up webcam and microphone jack on his laptop a couple of days ago. This raises the question, are people just paranoid, or is this a best practice to stress to your clients? Is Big Brother watching you? Are there any risks of unauthorized users and intruders gaining access to your webcam and microphone to secretly eavesdrop on unsuspecting users?
When people tape their webcams and microphone jacks, it’s pretty safe to assume that there is some paranoia about security and privacy. Given the rise of sensitive data leaks from computer breaches in recent years, this is a pretty legitimate concern. In fact, it's relatively simple for hackers to take over someone’s device using a remote-access Trojan (also known as a RAT). This malware can be spread easily - all that is needed is to have their machine compromised through a phishing link or malicious online advertisement. In so doing, they can give full remote control of their endpoints over to hackers who can then take control of several peripheral devices, such as keystrokes from keyboards, sound and cameras.
Covering your webcam cannot be considered an efficient solution to protecting your privacy - there are other options that will more fully ensure protection. Covering your microphone jack will not stop the device from capturing voices and surrounding noises – it will muffle the sound, at best. Covering your webcam will prevent hackers from spying on you visually, but RATs give hackers access not only to your webcam and microphone, but also to more sensitive documents and files saved on your computer hard drive. RATs can even allow hackers to install more malicious software on your device – this is something that cannot be prevented with masking tape. So what can you do to prevent this malware from intruding on end users and their files?
A strong antivirus (AV) solution can help ensure that you stop, delete or quarantine a Trojan before it does too much damage, but with the ever-changing nature of technology, viruses can easily morph by changing their hash signature to evade antivirus software. What you need is a strong antivirus package that receives regular updates on virus activities in real time around the world, and is able to detect the latest signatures or malicious file behaviors. Good security is usually deployed in layers. Antivirus constitutes an element of your internal defenses, but investments should be made in border security with properly configured firewalls and intrusion detection devices, addressing the issues with user education, and processes that need to be implemented to detect deviation from policies and procedures in order to best protect your users from malware.
Do clients and prospects know that your IT solution combining an endpoint monitoring system with business-grade antivirus protection actually helps minimize the likelihood that they'll receive RATs? In pitching your managed IT services, you can stress that you provide 24x7x365 proactive data monitoring and management. By leveraging a fully-managed remote monitoring and management (RMM) platform, not only will you gain visibility into users' network health, but you'll receive full coverage of their devices from morning to night. This allows you to flag unauthorized or unsecure activity and quickly catch any vulnerabilities before they escalate into data breaches or larger issues. Small- and medium-sized businesses don't have time to handle the upkeep it takes to detect and prevent malware, and yet consistent monitoring and maintenance is instrumental in minimizing risk. By combining the right RMM platform with antivirus and endpoint monitoring solutions, you can help secure clients' perimeters from attacks and penetration.
End User Training
Finally, urge users to always be on the lookout for strange behavior across their networks. Reassure them that as their MSP, you will review which processes are running on their machines, which software programs are installed regularly and whether they are whitelisted or blacklisted by your AV; as well as covering the important details that they don't have time to manage, but stress that data security is a shared responsibility. In agreeing to work with you, they should buy into the security policy framework you establish, but they can't get there on their own. Just as it's your clients' responsibility to adopt cybersecurity best practices, it's your responsibility to teach and reinforce these lessons through educational content and training. In doing this, you can stop their business from becoming another malware infection statistic and PR nightmare. In Cybersecurity Tips for Employees: The Complete Guide to Secure Behavior Online and in the Office, we help you have that conversation with clients by providing a comprehensive overview of threats and best practices with physical, email, account management, mobile and website browsing security.
So what if clients or prospects ask if covering their webcam is a good idea? It certainly doesn’t hurt. You can never be too prepared for a security breach, so taking a page out of Zuckerberg's (Face)book can help shield them in the event that they are hacked. However, there are much more efficient ways to get to the root of the problem by strengthening network security with effective endpoint monitoring and management, a strong antivirus program and proactive user education. Sure, users can go ahead and tape up their webcams, maybe even invest in a webcam cover - it can definitely prevent someone from spying on you via webcam - but it's more important for us all to have a more wholistic security solution, one that can prevent hackers not only from getting a glimpse into our lives, but also from gaining access to sensitive files and hijacking entire devices.