But due in part to its ever-increasing popularity, Zoom is now coming under scrutiny for its security and privacy practices.
How can you use Zoom in a secure manner?
- Make sure your computer is secure. Are you using anti-virus software and a firewall? What about a VPN? Make sure no one – including your children – has access to your computer.
- Choose an appropriate plan. Zoom has a HIPAA compliant plan. If you work in healthcare, confirm with your HIPAA consultant whether this is an acceptable solution.
- Turn on end-to-end encryption in the settings by logging into Zoom and going to Settings. Under “In Meeting (Basic)”, turn the Require Encryption setting on. You’ll find other settings on this page as well for private meetings, passwords, and more.
- Use a unique call ID. Don’t re-use the same ID for calls with different people.
- Set a meeting password, which you share with participants ahead of time via a secure channel.
- Set meetings to be private, not public.
- If you can’t trust your participants to not abuse the features, then turn off their ability to share their screen so only you, the host, can share your screen.
- Once all your attendees have arrived, lock the meeting.
- Use a waiting room. No one can enter the call until you let them in. This keeps uninvited participants out.
If you’re still not comfortable using Zoom after familiarizing yourself with its settings, look for an alternative you are comfortable with.
To keep things in perspective, let’s remember:
- Landline phone calls, VOIP calls, and cell phone calls are not secure, either, if you’re not using encryption.
- Email is not secure if you’re not using encryption. That’s why we ask you to share sensitive information with us using services like One Time Secret instead of over email.
- Zoom is in the spotlight, but other programs, like Skype, aren’t any more secure or private. Cisco WebEx was also found to be vulnerable, and was patched.
- Google is used worldwide in all sorts of areas, and is far from secure or private. Did you know that Google reads your emails for advertising purposes, too?
- “In theory, any device or service could be hacked. In fact, security researchers often joyfully pile in on companies that claim their products are “unhackable”.” — Dr. Jessica Barker, Cygenta
- Many news articles are written with the goal of getting as many readers (or “clicks”) as possible. Remember to read critically.
It’s important to think about your organization’s security and privacy.
Concerns about your organization’s security and privacy are completely valid and important. We’re glad you’re keeping security and privacy in mind as you face finding solutions for remote work. But don’t let these concerns paralyze you and prevent you from continuing your good work. Weigh the pros and cons of the system you choose, and find a compromise between security, privacy, and convenience that you can live with. If you feel stuck, consult with a cyber security expert who can help you find the best way forward.