In today’s environment, many companies are using video conferencing, web conferencing and chat platforms to communicate with their teams, clients and prospects over face-to-face meetings, especially with the current Coronavirus pandemic. But does Zoom pose a security risk to your business?
Firstly, let’s look at what it is.
What is Zoom?
Zoom revolutionises the way teams collaborate whether you’re connecting multiple conference rooms or adding remote attendees, meeting face to face is as simple as a single touch. Zoom mobile and desktop apps bring together a whole new experience with built-in group chat.
So, what are the security risks of using free-to-download platforms?
Like many free-to-download platforms, not all of them are secure and could put your business in breach of its legal obligations when it comes to data protection. This applies especially to tools which are used to store or share content, or which enable teams to communicate.
What are the security risks of using Zoom?
The number of businesses using Zoom is increasing, and the media have highlighted recent examples of where problems have arisen. Some of these include: –
- Zoom bombing – there have been several cases where hijackers have taken over video calls and shared explicit/offensive images and have shouted out personal information to those on the call.
- Visible meeting information – On Tuesday (31st March 2020), the UK Prime Minister Boris Johnson raised security concerns when he shared a picture of the Zoom meeting on his social media which included the meeting ID. Thankfully the meeting was password protected which stopped people eavesdropping on the video call.
- Meeting ID scanning – some intruders have randomly entered 9-digit numbers into Zoom until they have eventually found one that works to gain access to someone else’s meeting.
- Domain spoofing – many zoom-related phishing scams have been sent out in recent weeks.
- Data leakage – users of Zoom on the iOS app was secretly sharing data with Facebook, and now another problem has come to light where your Windows sign-in credentials could be stolen.
Steps to take if you’re using Zoom
If you’re already using Zoom, we have outlined some security steps you can take.
- Ensure meetings/classrooms are private.
- Ensure a password is required to join the meeting.
- Enforce the meeting room function that keeps all attendees in a waiting room to control the guests accessing the call ahead of it beginning. You can also disable “join before host” to enforce this feature.
- Do not share conference details on social media. Provide attendees with a specific link directly. If you do share photos of the meeting, make sure the ID is not visible.
- Manage screen-sharing options, ensure the screen sharing to ‘Host Only.’
- Ensure your Zoom client is up to date. In January, Zoom rolled out a security update that added passwords by default for meetings and disabled the ability to randomly scan for meetings to join.
- Do not use the personal meeting ID, instead allow Zoom to create a random number for each meeting.
- Disable file transfer where possible.
- Disable “allow removed participants to re-join”.
- We would recommend not using IOS devices when hosting private or confidential calls or videos.
Implementing the suggestions above should improve your business security while using Zoom.
Depending on your business and sector, some regulations mean your business communications have to take place in a completely secure environment. For this reason, we would recommend Microsoft Teams. To find out more about Microsoft Teams and Zoom, download our comparison guide.