You probably shouldn’t use Zoom; here’s why
Coronavirus has forced many businesses around the world to address remote working. Overnight, video conferencing apps have become household names. The biggest name right now is Zoom. It’s been in the news a lot, and it’s not all for good reasons.
Relatively unheard of outside of business circles until now, Zoom is a cloud-based video conferencing app that caters to business. It has its good points:
- Easy to setup
- Easy to use
- The basic version is free and lets up to 100 people join a meeting
But it’s fraught with potential risks for your business that you need to understand before using this platform for your conference calls.
Zoom works on a simple premise: a meeting host sets up a call and the app generates a random 9-11-digit code to send to those you want to conference with.
Until very recently this was only thing needed to join a meeting. Someone outside your organisation could enter your chatrooms, collect confidential information, disrupt the meeting or in the worst cases, show extremely distressing and illegal content.
It happened with such regularity that there is a term for it – ‘Zoom bombing’.
Zoom has taken steps to cut down on this behaviour by adding waiting areas to meetings, and setting meeting passwords, but it is disappointing that in 2020 it takes such a high-profile dressing down to prompt Zoom to add such basic security measures such as a password!
With the rest of the world moving towards better security like two-factor authentication and biometrics, it is worrying to see that the default was (until very recently) open access meetings.
They collect a lot of personal data on you such as user name, physical address, email address, phone number, job information, Facebook profile information, computer or phone specs, IP address, and any other information you create or upload.
“Does Zoom sell Personal Data? Depends what you mean by “sell.” We do not allow marketing companies, or anyone else to access Personal Data in exchange for payment. Except as described above, we do not allow any third parties to access any Personal Data we collect in the course of providing services to users. We do not allow third parties to use any Personal Data obtained from us for their own purposes, unless it is with your consent (e.g. when you download an app from the Marketplace. So in our humble opinion, we don’t think most of our users would see us as selling their information, as that practice is commonly understood.” – SecurityBoulevard April 3rd 2020
Which sounds like a carefully worded, ‘I do what I want’.
Is Zoom Malware?
Some IT security experts have compared some of Zoom’s practices to malware.
Two bugs found in the Zoom software allowed malicious users to take control of a vulnerable Mac, and gain access to the whole computer (we understand this has since been patched).
An issue with sending Zoom URL links put peoples’ Windows passwords at risk.
The app has something called ‘attention tracking’ allowing employers hosting a meeting to check which employees clicked away from Zoom for more than 30 seconds – which seems a bit ‘Big Brother’ to me.
Zoom just doesn’t seem to care (well, they care now but it feels like they have been forced into it)
We have touched on a few of the issues, the tip of iceberg, of all the things that’s gone wrong for Zoom recently, and it’s only been 2 months since people started using it in earnest.
In addition to this general sense of poor practice, it turns out that we have been misled about the security the product does have! Zoom recently claimed to provide ‘end-to-end encryption’ – which it doesn’t. – theintercept March 31st 2020
With Zoom hitting the headlines in bad ways, there have been repercussions for the company.
Google banned its staff from using it, and blocked the use of it on their Google provided equipment. – Businessinsider April 8th 2020
A few other small companies and countries that have also banned, heavily regulated and advised against using the platform are:
- Elon Musk’s Space X – Business insider April 2nd 2020
- New York City Department of Education – Techcrunch April 5th 2020
- Indian Government – Techradar 17th April 2020
- Taiwan Government – BBC News April 7th 2020
- Parts of the German Government – Techradar 6TH April 2020
One of Zoom’s own investors is suing them, for concealing the truth about the platforms security. –Computerworld April 9th 2020
As well as being probed by 3 different states in the US. – CNBC April 3rd 2020
Alternatives to Zoom
Luckily there are lot of alternatives to Zoom that businesses can use. We as a company like to recommend Microsoft Teams. It has:
- Full integration with all other Microsoft apps and third-party Microsoft Store apps. MS Teams users report experiencing fewer workflow problems.
- Far greater security protections for all members of the team. Companies can decide who can and cannot attend a Teams meeting, and enforce password strength and even 2-factor authentication to Teams logins (great if you have security policies to abide by!).
- Even when permitted access to a meeting, the host may control who may post what content through assigning ‘presenter’ and ‘attendee’ status.
- Teams also has a free version which, while limited, still allows users Unlimited Chat & Search, Video calling, Team & Personal File Storage and collaboration with Office.
If you are not using Microsoft’s services currently, and are just looking for video conferencing (rather than a fully integrated app suite) we would recommend Cisco Webex as another alternative to Zoom, and they also have a free version.
If you would like help and information for the right video conferencing tool for you company, do not hesitate to give our experienced team a call.