Zoom Security

Zoom security & privacy tips

November 8th, 2020 Posted in Information Security

The phrase “Zoom fatigue” became prevalent this year. Other words and phrases like “we’ll zoom”, “I’ll zoom you” and “Zoombombing” became known to us and will probably stay with us. We may not even be talking about Zoom when we use these words and phrases. We may be talking about Microsoft Teams, Skype, Google Meet, GoToMeeting, Cisco Webex or many others.

Zoom gained market share and crossed over to personal as well as professional use. Most significantly, this year Zoom did what Google managed to do when it started out: its company name became synonymous with an activity.

We know that to “Google” something came to mean using a computer connected to the internet to search for something, typing a word or phrase into an internet directory via a web browser to find an answer or suggestion. To “Zoom” has arguably come to mean having a video conferencing call over a Video Conferencing Application (VCA) with one or more other people.

Zoom and the other VCA tools have helped businesses to keep operating and family members to stay in contact during lockdown. They have also given rise to security and data protection concerns.

Zoom security & privacy

“Zoom fatigue”, of course, is another way of saying you’re having too many meetings and need some space, whereas “Zoombombing” opens the can of privacy worms. There’s purposeful “Zoombombing” and accidental “Zoombombing”; both involve uninvited guests or gate crashers on your video conferencing call. There have been reports of purposeful gate crashers, where hackers enter the room and use racist language or perform some other action to disturb participants.

Zoom hasn’t showered itself in security glory in other ways either: it had to fix a bug that allowed hackers to take over a Zoom user’s Mac; it thought it had carte blanche to share data with advertisers (now changed); and it reported that Zoom calls were end-to-end encrypted when this was found to be wrong.

Zoom security tips

With data protection and information security in mind, below are things to be aware of when using Zoom and similar platforms:

  • Do not publish your Zoom meeting ID on social media (unlike the UK Prime Minister)
  • Set up a password as a barrier to entry
  • Stay vigilant around screen sharing so there isn’t unnecessary data exposure
  • Stay vigilant with your surroundings and think about using the template backgrounds
  • If you have a smart speaker think about turning it off for the duration of a call
  • Make sure you have the latest version of the Zoom Application (or any VCA) on each of the devices where you have the application
  • Familiarise yourself with the privacy and security settings you have available in the VCA, making sure admins are sufficiently trained
  • Set expectations, or ask participants if they are OK with sessions being recorded
  • Understand where recordings are kept and whether there may be inadvertent cross-border data flows which may invalidate customer and client agreements and even a data protection notice
  • Understand what personal data is required to set up a video conference and minimise it
  • Lock a Zoom meeting after all attendees have joined
  • The meeting host can remove participants within a call, so make sure you have enabled the setting so that “removed” participants cannot log back in
  • Be aware that, as long as users connect audio via “computer audio” and not via mobile device, Zoom calls are encrypted (further information on Zoom encryption here)
  • Limit the number of video platforms you use; try to have one as the focus in an organisation
  • Beware of phishing emails inviting you to calls

Need help?

If you need help with ensuring data protection by design and improving security when working with Zoom or other remote working tools, we can help. Please get in touch if you’d like input or assistance.


Written by James Robson