3Dresyns policy about videoconferencing
While cloud-based videoconferencing services like Microsoft Teams, Zoom, and Google Meet are widely adopted for collaboration, they inherently pose significant cybersecurity risks. For this reason, 3Dresyns does not utilize any cloud-based videoconferencing platforms for customer communications. Instead, we prioritize written correspondence as a more secure alternative to mitigate potential cyber threats.
Here are the key risks associated with Microsoft Teams, Zoom, Google Meet, and other cloud-based videoconferencing services:
Data Leakage & Unauthorized Sharing
- External Sharing Risks: Users may accidentally share sensitive data with external parties or unauthorized internal users.
- Guest Access Misuse: Poorly managed guest access can lead to data exposure.
- File Storage Risks: Files shared in Microsoft Teams are stored in SharePoint/OneDrive, which may have misconfigured permissions.
Phishing & Social Engineering Attacks
- Malicious Links & Files: Attackers may send phishing links or malware-infected files via chats.
- Impersonation: Hackers can spoof legitimate users or create fake teams to trick employees.
Account Compromise
- Weak Authentication: If multi-factor authentication (MFA) is not enforced, attackers can hijack accounts via credential stuffing or phishing.
- Session Hijacking: Stolen session tokens can allow attackers to access accounts without credentials.
Malware & Ransomware Spread
- Attackers can distribute malware through file uploads in chats or channels.
- Compromised accounts can spread ransomware across shared files.
Compliance & Data Retention Risks
- Regulatory Violations: Sharing sensitive data (PII, financial info) may violate GDPR, HIPAA, etc., if not properly controlled.
- E-Discovery Challenges: Lack of proper retention policies can lead to data loss or unauthorized access after employees leave.
Third-Party App Integrations
- Malicious or vulnerable third-party apps can expose data or provide backdoor access.
- Over-permissioned apps may access more data than necessary.
Meeting & Call Hijacking
- Unsecured Meetings: Without proper controls, attackers can join private meetings ("Zoombombing"-like attacks).
- Eavesdropping: Unencrypted or intercepted calls can expose confidential discussions.
Insider Threats
- Disgruntled employees may exfiltrate data via chats or file shares.
- Accidental data exposure by employees is a common risk.