Zoom: how safe is it?

You probably shouldn’t use Zoom; here’s why

 

Coronavirus has forced many businesses around the world to address remote working. Overnight, video conferencing apps have become household names. The biggest name right now is Zoom. It’s been in the news a lot, and it’s not all for good reasons.

Relatively unheard of outside of business circles until now, Zoom is a cloud-based video conferencing app that caters to business. It has its good points:

  • Easy to set up
  • Easy to use
  • The basic version is free and lets up to 100 people join a meeting

But it’s fraught with potential risks for your business that you need to understand before using this platform for your conference calls.

Zoom bombing

Zoom works on a simple premise: a meeting host sets up a call and the app generates a random 9- to 11-digit code, which the host sends to the people they want to conference with.

Until very recently this was the only thing needed to join a meeting. Someone outside your organisation could enter your chatrooms, collect confidential information, disrupt the meeting or, in the worst cases, show extremely distressing and illegal content.

It happened with such regularity that there is a term for it – ‘Zoom bombing’.

Zoom has taken steps to cut down on this behaviour by adding waiting areas to meetings and setting meeting passwords, but it is disappointing that in 2020 it takes such a high-profile dressing down to prompt Zoom to add security measures as basic as a password!

With the rest of the world moving towards better security like two-factor authentication and biometrics, it is worrying to see that the default was (until very recently) open-access meetings.

‘Privacy’ policy

There is also Zoom’s privacy policy, which seems less than…yeah.

They collect a lot of personal data on you such as user name, physical address, email address, phone number, job information, Facebook profile information, computer or phone specs, IP address, and any other information you create or upload.

Previously their privacy policy stated:

“Does Zoom sell Personal Data? Depends what you mean by “sell.” We do not allow marketing companies, or anyone else to access Personal Data in exchange for payment. Except as described above, we do not allow any third parties to access any Personal Data we collect in the course of providing services to users. We do not allow third parties to use any Personal Data obtained from us for their own purposes, unless it is with your consent (e.g. when you download an app from the Marketplace). So in our humble opinion, we don’t think most of our users would see us as selling their information, as that practice is commonly understood.” – SecurityBoulevard April 3rd 2020

Which sounds like a carefully worded, ‘I do what I want’.

As of the 29th March 2020, Zoom has thankfully updated its privacy policy away from this, but they are still collecting an awful lot of information on you. What are they doing with it? What do they need it for? Who are they not ‘selling’ it to?

Is Zoom Malware?

Some IT security experts have compared some of Zoom’s practices to malware.

Two bugs found in the Zoom software allowed malicious users to take control of a vulnerable Mac, and gain access to the whole computer (we understand this has since been patched).

An issue with sending Zoom URL links put people’s Windows passwords at risk.

The app has something called ‘attention tracking’ allowing employers hosting a meeting to check which employees clicked away from Zoom for more than 30 seconds – which seems a bit ‘Big Brother’ to me.

Zoom just doesn’t seem to care (well, they care now but it feels like they have been forced into it)

We have touched on a few of the issues, the tip of the iceberg of all the things that have gone wrong for Zoom recently, and it’s only been 2 months since people started using it in earnest.

In 2020, in the field of business video conferencing, security needs to be the number one priority. Zoom’s sketchy privacy policy, slowness to fix serious bugs and failure to implement very basic security measures demonstrate a lack of commitment to security.

In addition to this general sense of poor practice, it turns out that we have been misled about the security the product does have! Zoom recently claimed to provide ‘end-to-end encryption’ – which it doesn’t. – theintercept March 31st 2020

Repercussions

With Zoom hitting the headlines in bad ways, there have been repercussions for the company.

Google banned its staff from using it, and blocked its use on Google-provided equipment. – Businessinsider April 8th 2020

A few other small companies and countries that have also banned, heavily regulated and advised against using the platform are:

One of Zoom’s own investors is suing them for concealing the truth about the platform’s security. – Computerworld April 9th 2020

Zoom is also being probed by 3 different states in the US. – CNBC April 3rd 2020

Alternatives to Zoom

Luckily there are a lot of alternatives to Zoom that businesses can use. We as a company like to recommend Microsoft Teams. It has:

  • Full integration with all other Microsoft apps and third-party Microsoft Store apps. MS Teams users report experiencing fewer workflow problems.
  • Far greater security protections for all members of the team. Companies can decide who can and cannot attend a Teams meeting, and enforce password strength and even 2-factor authentication on Teams logins (great if you have security policies to abide by!).
  • Even when someone is permitted access to a meeting, the host can control who may post what content by assigning ‘presenter’ and ‘attendee’ status.
  • Teams also has a free version which, while limited, still allows users Unlimited Chat & Search, Video calling, Team & Personal File Storage and collaboration with Office.

If you are not using Microsoft’s services currently, and are just looking for video conferencing (rather than a fully integrated app suite) we would recommend Cisco Webex as another alternative to Zoom, and they also have a free version.

If you would like help and information on the right video conferencing tool for your company, do not hesitate to give our experienced team a call.

Contact Tai on 0345 450 7876