Zoom, Remote Work, Security, and Privacy

With the current COVID-19 health crisis, a lot of companies and organizations have had to switch to remote work temporarily. Many are scrambling to find solutions to stay in touch and continue to have “face-to-face” meetings. One of the tools that has recently increased in popularity is Zoom, a video conferencing program. Its free tier allows users to include up to 100 participants for up to 40 minutes. This free version makes it an easy solution for teachers and students, organizations with limited budgets, and companies that need to make a quick transition.

But due in part to its ever-increasing popularity, Zoom is now coming under scrutiny for its security and privacy practices.


Security concerns

Some recent reports cite Zoom’s past security failings. These have since been remedied, a fact often ignored in the current reports. Such reports also tend to show a faulty understanding of how to use Zoom’s settings. In this example from PC Mag, the “Zoom-bombing” described occurs because the call initiator has allowed all users to share screens, and some of the invited users abuse the privilege. Screen sharing is a feature of the program, not a security issue. If users shouldn’t be allowed to share their screens, the call host can turn that setting off.
In response to some of these attacks on its security, Zoom provides information on how to keep uninvited guests out of your calls.
Others point out that Zoom’s definition of end-to-end encryption is not quite the same as that of others in the cybersecurity business. MacRumors says, “Technically, Zoom’s in-meeting text chat appears to be the only feature of Zoom that is actually end-to-end encrypted. But in theory, the service could spy on private video meetings and be compelled to hand over recordings of meetings to governments or law enforcement in response to legal requests.”


Privacy concerns

Others object to Zoom’s sending information to Facebook. Facebook’s “shadow profiles” came to light in 2018. Many of the websites you visit every day do the same. The fight for personal privacy is ongoing and widespread. We should be able to opt out of this type of information sharing, and the European Union has taken steps in this direction with the GDPR. But in 2020, in the rest of the world, the fight continues – and that’s true across the board.
Regardless of what other companies continue to do, as of March 27th, Zoom has removed the “log in with Facebook” feature, which means sharing data with Facebook has stopped.
The EFF finds that this is a privacy issue: “Hosts of Zoom calls can see if participants have the Zoom window open or not, meaning they can monitor if people are likely paying attention.” Is it, or isn’t it? If you’re in a group meeting in person, your boss can also tell if you’re paying attention or not.

How can you use Zoom in a secure manner?

Familiarize yourself with its settings. For general conversations without sensitive information, adjust your settings as appropriate.
  • Make sure your computer is secure. Are you using anti-virus software and a firewall? What about a VPN? Make sure no one else – including your children – has access to your computer.
  • Choose an appropriate plan. Zoom has a HIPAA compliant plan. If you work in healthcare, confirm with your HIPAA consultant whether this is an acceptable solution.
  • Turn on end-to-end encryption in the settings by logging into Zoom and going to Settings. Under “In Meeting (Basic)”, turn the Require Encryption setting on. You’ll find other settings on this page as well for private meetings, passwords, and more.

  • Use a unique call ID. Don’t re-use the same ID for calls with different people.
  • Set a meeting password, which you share with participants ahead of time via a secure channel.
  • Set meetings to be private, not public.
  • If you can’t trust your participants to not abuse the features, then turn off their ability to share their screen so only you, the host, can share your screen.
  • Once all your attendees have arrived, lock the meeting.
  • Use a waiting room. No one can enter the call until you let them in. This keeps uninvited participants out.

If you’re still not comfortable using Zoom after familiarizing yourself with its settings, look for an alternative you are comfortable with.

To keep things in perspective, let’s remember:

It’s important to think about your organization’s security and privacy.

Concerns about your organization’s security and privacy are completely valid and important. We’re glad you’re keeping security and privacy in mind as you face finding solutions for remote work. But don’t let these concerns paralyze you and prevent you from continuing your good work. Weigh the pros and cons of the system you choose, and find a compromise between security, privacy, and convenience that you can live with. If you feel stuck, consult with a cyber security expert who can help you find the best way forward.



Alisa Cognard

Alisa was one of the first team members to join Red Earth Design, Inc. in early 2004. From data entry, she progressed to MySQL database manipulation and PHP coding. Alisa is responsible for all kinds of odds and ends: installing new websites, adding features to them, programming databases, PHP coding, website troubleshooting, website security, and organizational tasks for Red Earth Design.
