Zoom Security – updated for 2022
The phrase “Zoom fatigue” became prevalent during 2019 when the COVID-19 pandemic hit and workforces all over the globe started working remotely. Other phrases and words like “we’ll zoom”, “I’ll zoom you” and “Zoombombing” became known to us and will probably stay with us. However, we may also be referring to Microsoft Teams, Skype, Google Meet, GoToMeeting, Cisco Webex or many other video meeting platforms.
Zoom gained market share and crossed over to personal use as well as professional uses but most significantly in 2019, Zoom did what Google managed to do when they started out, have their own company name become synonymous with an activity.
We know to “Google” something came to mean to use a computer connected to the internet to search for something using a keyboard to type a word or phrase into an internet directory via a web browser to find an answer or suggestion. To “Zoom” has arguably come to mean to have a video conferencing call over a Video Conferencing Application (VCA) with someone or multiple others.
Zoom and the other VCA tools helped businesses to keep operating and family members to stay in contact during the lockdown and are still used widely today. Organisations worldwide are still supporting, on average, double the number of remote workers in contrast to pre-pandemic stats with no return to those levels in sight. The recent “State of Cyber Security 2022” survey by Splunk stated that organisations expect in a year’s time, 41% of their workforce will remain in remote roles.
But just as the digitalisation of operations across all sectors has risen tenfold, it has also given rise to security and data protection concerns.
Zoom security & privacy
“Zoom fatigue”, of course, is another way of saying you’re having too many meetings and need some space whereas “Zoombombing” opens the can of privacy worms. There’s purposeful “Zoombombing” and accidental “Zoombombing”, both of which are uninvited guests/gate crashers to your video conferencing call. There have been reports of purposeful gate crashers where hackers enter the room and say some racist language or perform some other action to disturb participants.
Zoom hasn’t showered itself in security glory in other ways too, such as having to fix a bug that allowed hackers to take over a Zoom user’s Mac; thinking it had carte blanch to share data with advertisers (now changed), and also reporting that Zoom calls were end-to-end encrypted when this was found to be wrong.
Zoom security tips
With data protection and information security in mind, below are things to be aware of when using Zoom and similar platforms:
- Do not publish your Zoom meeting ID on social media (unlike the UK Prime Minister)
- Set up a password as a barrier to entry
- Stay vigilant around screen sharing so there isn’t unnecessary data exposure
- Stay vigilant with your surroundings and think about using the template backgrounds
- If you have a smart speaker think about turning it off for the duration of a call
- Make sure you have the latest version of the Zoom Application (or any VCA) on each of the devices where you have the application
- Familiarise yourself with the privacy and security settings you have available in the VCA making sure admins are sufficiently trained
- Set expectations or ask participants if they are ok with sessions to be recorded
- Understand where recordings are kept and whether there may be inadvertent cross-border dataflows which may invalidate customer and client agreements and even a data protection notice
- Understand what personal data is required to set up a video conference and minimise it
- Lock a Zoom meeting after all attendees have joined
- The meeting host can remove participants within a call so make sure you have enabled the setting so that “removed” participants cannot log back in
- Be aware that as long as users connect audio via “computer audio” and not via mobile device Zoom calls are encrypted (further information on Zoom encryption here)
- Limit the number of video platforms you use, try to have one as the focus in an organisation
- Beware of Phishing emails inviting you to calls
Click either graphic below to download your free PDF:
We also have more tips for secure home working which you can download for free.
If you need help with ensuring data protection by design and improving security when working with Zoom or other remote working tools, we can help. Please get in touch if you’d like input or assistance.
GET IN TOUCH "*" indicates required fields
Quick Enquiry Form
"*" indicates required fields