The short answer to this is – maybe 🙂 . If you have paid attention to the news (and who hasn’t in the last few weeks) you are probably aware of some significant security concerns with Zoom conferencing software and related services. However the question many people have is – how concerned should I be and how do I secure it?
In a nutshell here are the main risks that have been brought up ;
In order of the risks listed;
– Zoombombing – this was exploited by either not having a password for the meeting set or sharing the password publicly. Zoom has since made it the default for all meetings to have a password assigned. Unless you remove the password manually in the meeting setup, you should be OK.
The second part of this is if you share your meeting publicly, anyone will automatically have the password. We get it… sometimes you want to host a public meeting that anyone can join. For those instances Zoom has the ability to require registration to attend the meeting. This means that all users must give you their information to attend.
In addition to this you can enable the “Waiting Room” feature that puts all attendees in a virtual waiting room that requires you to manually admit them to the conference. While there is still the potential for a malicious attendee to register and join the meeting through the waiting room – it removes the conference as “low hanging fruit” for those wanting to disrupt.
– Potential for Windows credentials to be leaked – This vulnerability stems from a malicious attendee enticing others to click on a link in the chat window of a Zoom conference. The simplest way to address this is make sure(just as you would with email, online platforms, texts etc.) that you don’t click on links that are unexpected or from users you don’t know. There are some backend fixes that your I.T. department can deploy but seriously – don’t click on things that you don’t know what they are 🙂
– No end to end encryption of calls. Unfortunately at this point that is still a limitation of the Zoom platform. What this means is that there is the POTENTIAL for your call to be intercepted at the Zoom hub – but not by any other point in between. While the chances of that are very limited, the possibility does exist and given the discovery that some calls were recently routed through China, it is cause for concern for any complex security requirement or organizations with sensitive information on the calls.
– Unintended/unwanted software installed with Zoom. Again this goes back to the platform itself and a function of the actual installer. Zoom, for the most part, since there has been a heightened awareness of security concerns, is addressing those concerns daily and has committed to making security one of its priorities for the next few months.
These are normal security recommendations but have become more and more important as it relates to securing whatever video conferencing solution you are using;
While with any software solution that has explosive growth like Zoom has had over the last 30 days – there are bound to be security issues raised with the increased usage and focus. Nothing is 100% secure nor will it ever be.
But each organization must make the decision to weigh the risks associated with tools and platforms they will use. Fortunately there are several very robust video conferencing solutions available;
Microsoft Teams – The good news is that if you are already an Office 365 subscriber, your subscription most likely already includes this very powerful messaging and conferencing solution. If you are not an Office 365 subscriber yet – you can get a free trial account for 6 months. If you don’t want the whole Office suite – Microsoft Teams by itself has a free version as well.
Cisco Webex – Webex has been in the video conferencing game for a long time and has a TON of features. Now Webex has a free account that covers you up to 100 attendees with no time limits on the conference.
Google Meet – If you are a Google G Suite or G Suite for Schools user – now Google Meet is free until September 30th 2020.
The good news is that while there may be some security concerns around any software, the ease of use and availability of video conferencing has enabled millions of users to work from anywhere and most importantly, enabled many of us to work from home safely. So hats off to all video conference providers for keeping our businesses and organizations running and working from anywhere! With some good security practices and attention to detail – you CAN work remotely and get through these unprecedented times!
As always, if you have questions or concerns, DaZZee is here for you. :