Because of the COVID-19 pandemic, millions of people are now working from home, and schools are holding virtual classrooms. Zoom has become a popular platform for these virtual meetings. The amount of users has grown from 10 million to 200 million in just 4 months.
But the company’s security issues and privacy risks have come into question and it’s drawing a lot of attention. Recent news has been full of reports ranging from Facebook data-sharing to “Zoombombing” where uninvited people attend meetings.
Here is a quick breakdown of what’s going on and our recommendations:
Potential Issues
- “End to End Encryption” isn’t truly end to end, especially when using 3rd party calling solutions (calling into the meeting instead of using computer audio)
- Rooms without passwords have the risk of someone jumping into the room at any time if they can find out or guess the URL to the meeting
- Zoombombing is where an uninvited guest shows up in a meeting and shares their desktop to the rest of the room. They could display inappropriate content or generally interrupt the meeting.
Recommendations
- Always require a password to enter a meeting
- Set the default for who can screenshare to “Host only”
- Always enable a waiting rooms for attendees (then the host needs to allow each person to join the meeting)
- Set all attendees to join with video disabled (they can then manually enable it)
If you are extremely concerned about a lack of true end to end encryption because you are in a highly regulated environment or for personal preferences, we recommend using Webex from Cisco instead. Their prices are reasonable and they have true End to End Encryption.
