3Dresyns policy about videoconferencing

While cloud-based videoconferencing services like Microsoft Teams, Zoom, and Google Meet are widely adopted for collaboration, they inherently pose significant cybersecurity risks. For this reason, 3Dresyns does not utilize any cloud-based videoconferencing platforms for customer communications. Instead, we prioritize written correspondence as a more secure alternative to mitigate potential cyber threats.

Here are the key risks associated with Microsoft Teams, Zoom, Google Meet, and other videoconferencing cloud-based services:

Data Leakage & Unauthorized Sharing

  • External Sharing Risks: Users may accidentally share sensitive data with external parties or unauthorized internal users.
  • Guest Access Misuse: Poorly managed guest access can lead to data exposure.
  • File Storage Risks: Files shared are stored in SharePoint/OneDrive, which may have misconfigured permissions.

Phishing & Social Engineering Attacks

  • Malicious Links & Files: Attackers may send phishing links or malware-infected files via chats.
  • Impersonation: Hackers can spoof legitimate users or create fake teams to trick employees.

Account Compromise

  • Weak Authentication: If multi-factor authentication (MFA) is not enforced, attackers can hijack accounts via credential stuffing or phishing.
  • Session Hijacking: Stolen session tokens can allow attackers to access without credentials.

Malware & Ransomware Spread

  • Attackers can distribute malware through file uploads in chats or channels.
  • Compromised accounts can spread ransomware across shared files.

Compliance & Data Retention Risks

  • Regulatory Violations: Sensitive data (PII, financial info) shared may violate GDPR, HIPAA, etc., if not properly controlled.
  • E-Discovery Challenges: Lack of proper retention policies can lead to data loss or unauthorized access after employees leave.

Third-Party App Integrations

  • Malicious or vulnerable third-party apps can expose data or provide backdoor access.
  • Over-permissioned apps may access more data than necessary.

Meeting & Call Hijacking

  • Unsecured Meetings: Without proper controls, attackers can join private meetings ("Zoombombing"-like attacks).
  • Eavesdropping: Unencrypted or intercepted calls can expose confidential discussions.

Insider Threats

  • Disgruntled employees may exfiltrate data via chats or file shares.
  • Accidental data exposure by employees is a common risk.