Zoom Addresses Security Shortcomings, But Users Should Always be Careful

Remote workers have an increasing number of tools to allow them to remain productive as COVID-19 concerns force them out of their office due to social distancing requirements. Yet many newly remote workers are finding unexpected problems in their new world as they adopt new technologies such as Zoom. Take a moment to learn how to keep your Zoom meetings safe and give your remote workers the tools they need to remain productive.

Zoom Security Concerns

Like so many companies before them, Zoom released their product not understanding how average users treat security. Zoom was released as Patrick Wardle, a security researcher noted, without "Things you just would like to have in a chat and video application — strong encryption, strong privacy controls, strong security — just seem to be completely missing." The result of these missing features caused Zoom meetings to be vulnerable to ‘Zoombombing’.

Zoombombing occurs when a Zoom meeting/conference is interrupted by a person(s) displaying pornographic and/or hate images and using threatening language. As you can imagine it can be a harrowing experience and many organizations, in particular schools, are banning Zoom meetings. In fact, while the perpetrators of this behaviour may consider it ‘harmless’ fun, depending on the content shown, some law enforcement agencies will treat Zoombombing as a crime.

The result of these shortcomings is that Zoom users have received a rare warning from the FBI concerning Zoom’s vulnerabilities, and of teleconferencing and online classroom hijacking during the COVID-19 pandemic. Unfortunately, Zoom isn’t the first product used by the general public which failed to enact best practices in regard to security and privacy. Previously, we discussed practicing healthy password habits in regard to Ring video security cameras which were being hacked. Ring suffered from the same issues Zoom is having now; a lack of security out of the box, instead relying on users to enact best practices themselves. 

To be fair, when Zoom was conceived, it was designed to be used by enterprise level organizations with in-house IT departments. These organizations usually have a robust security policy already in place; hence Zoom didn’t include strong protections out of the box (although in today’s cybersecurity-conscious environment, it’s hard to justify their lack of insight). In fact, their CEO Eric Yuan, acknowledges their shortcomings regarding security in his message to Zoom users.

What Zoom didn’t expect (and who could) was a pandemic that would push millions of workers into their homes, due to social distancing. Newly remote workers who in turn, turned to Zoom due to its ease of use, to continue to communicate with their team and customers. Unfortunately, these remote workers are average users who are notorious for not paying attention to security settings or a lack of them. While this issue brought needed attention to Zoom’s lack of security, it also highlighted the importance of training your team. It’s important to give your team a guide to effectively working remotely.

Tips To Make Your Zoom Meetings More Secure

While Zoom has closed some of the security holes they have and are focusing on making their product more secure, here are some steps you can take to increase your current security while using Zoom according to the FBI:

• Do not make meetings or classrooms public. There are two options to make a meeting private: require a meeting password or use the waiting room feature and control the admittance of guests.
• Do not share a link to a teleconference or classroom on an unrestricted, publicly available social media post. Provide the link directly to specific people.
• Manage screen sharing options. Make sure to change screen sharing to “Host Only.”
• Ensure users are using the updated version of Zoom remote access/meeting applications. In the latest update, passwords are added by default for meetings and the ability to randomly scan for meetings to join is disabled.
• Ensure that your organization’s telework policy or guide addresses requirements for physical and information security.

Gain Access To Enterprise Level Support

Zoom’s missteps seem to reinforce the idea that high-level technology is only something  enterprise level organizations can take advantage of, and beyond the access of small to medium-sized businesses. This can’t be further from the truth. Directive’s managed IT solutions are flat-rate and preemptive, bringing enterprise-level services within the reach of SMBs, particularly cybersecurity protection.

First and foremost, we keep IT security top of mind and offer a wealth of services to help you manage your IT. Finally, during this difficult time due to COVID-19, we are constantly providing tips and tools to help your business and team be productive. In fact, here’s a list of our coronavirus and COVID-19 focused blogs, and we’ll continue to provide you with up-to-date information and best practices to help keep you informed during this trying time.

We also have alternative solutions to Zoom available that we have been using and suggesting to our clients for years.

If you’re interested in learning more about productivity suites such as G Suite and Office 365, or IT services including remote working, disaster planning  or to just schedule a free IT consultation, call 607.433.2200 today.