With the COVID-19 pandemic forcing people into their homes, video conferencing tools like Zoom saw a rise in popularity, finding use in schools, companies and governments, most famously UK’s cabinet meetings.
However, for Zoom, that ubiquity turned out to be a double-edged sword. With all of Zoom’s utility and usability, the spotlight also illuminated Zoom security. Particularly where they fell short.
Why Is Zoom The Best Solution For Online Meetings?
Before we dive any deeper, it’s important to preface the topic at hand by mentioning that Zoom is the best video conferencing tool out there. As soon as the opportunity for online meetings and video conferences presented itself, Zoom’s popularity skyrocketed, leaving heavyweight competitors like Google and Microsoft in the dust, which says a lot about Zoom.
Although it’s hard to put your finger on exactly what makes Zoom better than its competition, we have seen a trend of preferences among the growing users. The surge in Zoom’s popularity is owed to the consumer users that have found use in Zoom for school classes and communication with friends and family while self-isolating, working and studying from home during the lockdown.
These consumer users prefer Zoom because it’s easy to use and free for 40-minute sessions. It also comes with built in filters and virtual backgrounds which means you can look your best without much effort and join a meeting from anywhere. Also, Zoom just has a fairly intuitive user interface overall, which may be the most important contributing factor. Starting and joining meetings is a simple and easy process with very few steps involved.
When it comes to business and corporate users, the benefits go on. Corporate users consistently find Zoom to be providing better call quality. There have been cases where businesses used two or more softwares in tandem, one for an audio call and another for video or screen sharing. However, they switched to Zoom, finding a frictionless audio and video communication experience with considerably lesser delay. Zoom also allows you to record your meetings, which is of particular interest to corporate users. You can refer to the meetings in the future, which is especially helpful when you’re working from home.
However, despite all its strengths, Zoom found itself under scrutiny. You may have come across plenty of headlines about Zoom security.
Everyone’s talking about Zoom security issues
Initially, Zoom was intended for large enterprises with dedicated IT support, and a little bit of lost Zoom security in exchange for ease of use made sense in that market. In fact, Zoom security issues only saw the light of day when it was adapted by the consumer users. Zoom’s CEO Eric. S. Yuan admitted that the surge in users was unanticipated and they were not prepared.
One of the most prominent Zoom security flaws was its Meeting ID, which resulted in a phenomenon dubbed the ‘Zoombombing.’ Zoom’s Meeting IDs have been fairly predictable because they followed a pattern of generating Meeting IDs which allowed pranksters and troublemakers to guess the right pattern and find their way into any meeting. This brings us to the next Zoom security issue: anyone can get in a meeting. By default, the meetings have not been password protected which means as long as you have the right Meeting ID, you can get in a meeting. Many pranksters made their way into meetings – online classes and corporate meetings alike – and displayed graphic and offensive content, making Zoombombings the most concerning Zoom security breach.
Recorded meetings weren’t all that safe either. Zoom had a standard naming system for their recorded meetings too, which means they were also one guess and a google search away.
However, it’s important to assert that it’s unfair to come down on Zoom so hard. When you think about it, Zoom security flaws are nothing out of the ordinary. A company’s growth, especially as quick a growth as Zoom’s, is not all smooth sailing. It comes with plenty of hurdles and challenges, and Zoom has had their fair share. And if you think that Zoom is the only video conferencing tool with skeletons in its closet, you might want to think again.
How is Zoom combating security challenges?
As we’ve established, the surge in Zoom’s popularity is not from their target market. Regardless, they are working tirelessly to fix as many Zoom security flaws and privacy issues as possible, to comfortably accommodate the growing users. In fact, Zoom redirected all their engineering resources from developing new features to focus on fixing Zoom security issues and privacy concerns in a 90-day plan.
Many of the Zoom security flaws have been addressed in the new 5.0 update. Now, meetings are password protected by default. In fact, admins can even define the complexity of the password. In the same vein, Zoom’s existing Waiting Room feature is also on by default, giving the host the liberty to admit individual users into the meeting.
But that’s not all. Meeting hosts can also choose to not allow the meeting participants to share their screens or even chat. So just in case some wolf does manage blow down the brick wall, they would still not be able to vandalize the meetings with graphic and offensive content. These updates effectively put the Zoom security breach, Zoombombing, behind us.
The 5.0 update also empowers the host to boost Zoom security on the fly during a meeting. All the Zoom security features are now grouped together in the Security icon. To top it off, the Meeting ID is no longer displayed on the meeting window.
Finally, to deliver on their promise of end-to-end encryption, Zoom has acquired the security company Keybase. We can rest assured that Zoom has put our security and privacy first and have done a commendable job of showing it.
You can avoid Zoom security risks
It is imperative to understand that, while it seems like Zoom has taken care of everything, the ball is still in your court to prevent Zoom security breach at your end. Here are some things you can do:
- The aforementioned features are turned on by default in the new 5.0 update, but only for some paying users - education, Basic, and single-license Pro accounts. Make sure you protect your meeting with a strong password, enable waiting room and disable screen sharing for meeting participants. This way you can make sure that only those who were invited to the meeting are joining and you can prevent any uninvited attendees from joining and vandalizing the meeting.
- Always generate a random meeting ID instead of using your Personal Meeting ID. This, again, ensures that only the people invited to the meeting are able to join. If you use your Personal Meeting ID, anyone who knows it can join the meeting, whether they were invited or not.
- Links are dubious, especially with Zoom starting off on the wrong foot. Invite participants through Meeting ID and password instead of sharing the link, so they can be confident that it’s the real deal and not someone trying to play them.
- You, as the host, should always be the first one to join the meeting. If not, the first participant to join the meeting assumes the role of the host and gets the controls. Zoom lets you choose whether you want to let participants join before you. And you shouldn’t want to.
- You can lock down the meeting at any point, not allowing any more users to enter. You should lock down the meeting as soon as all the invited participants have joined.
- You may need a helping hand to avoid Zoom security risks. Elect someone as co-host to help you control the meeting and keep it free from a Zoom security breach.
- If you accidentally let someone in the meeting who wasn’t supposed to be there, or if a participant is being particularly disruptive, you can kick them out of the meeting. You can also choose to not let them rejoin the meeting after being removed. Take advantage of this feature.
- You can further cut down the Zoom security risk by avoiding sharing files over Zoom. Instead, go for Dropbox or Google Drive.
- Finally, trust Zoom. They are doing everything they can to answer complaints and give you the most secure experience possible. Keep checking for updates and make sure that your Zoom application is up-to-date.
You can take your Zoom security a step further with VIDIZMO
We understand that to make the most of video conferencing and working from home in this challenging time, it is essential to be able to record meetings and revisit them upon need, to simulate a normal working environment as closely as possible. When you don’t have your coworkers right there to help you recall the conversation, the best you can have is a recording of the meetings that you can then watch later.
However, this would only work if you could be confident that your recorded meetings, and any sensitive information within, are safe and secure, out of reach of unauthorized people. With its integration with Zoom, VIDIZMO can pull your recorded Zoom meetings and store and share them behind VIDIZMO’s robust security policies, which are customizable for specific business requirements.
While most meetings are confidential, you may have certain meetings that you would want to share with the public. You can select, for each individual recording, whether you want only registered users – typically company's employees – to have access to it or you want the general public to be able to view it too.
Apart from that, even within employees, you may not want all of them to have access to a certain recorded meeting. For example, you may not want the marketing department to have access to a meeting among the HR personnel. On VIDIZMO, you can choose specific users and groups that can view each recorded meeting and protect it with a password.
Furthermore, you can maintain your company’s hierarchy on your VIDIZMO portal with Role-Based Access Control (RBAC). VIDIZMO assigns each registered user a role based on the actions they can perform. You can select which roles can view certain recorded meetings. This would come in handy when you don’t want employees to have access to meetings among managers or directors, for instance.
VIDIZMO takes it a few steps further. You have the option to set an expiration date on any recorded meeting you share on the portal, further ensuring that only relevant people view it within a relevant period. Registered users can be logged out automatically after an interval of your choosing, upon which they have to login with their credentials again, making it unlikely that just anyone could access registered accounts.
You can even restrict access in certain locations which makes sense for governmental meetings which you would not want to be accessible outside your own geographical areas, or certain location where diplomats may be residing.
VIDIZMO gives you a transparent look into the activities performed in your portal by registered or unregistered users so you can keep track of how your recorded meetings are being interacted with. You can keep an eye out for any unauthorized activity with VIDIZMO’s Audit Log.
Finally, in VIDIZMO, you have control over how and when your content gets published on your portal. You could either have it ingested automatically or upload a local recording at your leisure. There are circumstances where you would not want to share the entire recorded meeting. For instance, you may want to trim out any small talk in the meeting or share a particular instance. VIDIZMO comes with a built-in clipping tool for you to edit your recorded Zoom meeting before ingestion, all in the same window.
Zoom is an excellent video conferencing tools and they are going to great lengths to resolve all the Zoom security and privacy concerns their users have.
Even with their new 5.0 update, there is still plenty that you, as users, can do to make sure that you have the most secure Zoom experience.
If you are particularly concerned about secure storage and sharing of your recorded Zoom meetings, VIDIZMO’s fully-packed platform offers you near-perfect security.
To learn more about VIDIZMO’s offerings, contact us.
REMINDER: Stay at home, maintain safe physical distance and wash your hands with soap for at least 20 seconds. Stay safe against COVID-19.