Navigating Zoom Security & Privacy Risks in the Remote Work Era
Over the last few years, the adoption of remote work and virtual communication has dramatically accelerated, and for many of us, they look to remain a significant part of the way we work in the future. Whether that’s working or studying 100% remotely or through some hybrid model of remote work and office or class time, Zoom looks set to become a piece of digital office furniture just like MS Office or Google Drive has in the past.
However, the app is not without its drawbacks, and thanks to its meteoric rise over the past few years, it has found itself vulnerable to a range of security risks that have put cybersecurity teams on alert. Here, we discuss some of those security issues, how to stay safe when using Zoom, and look at a range of alternatives if your organization feels that the existing Zoom security protocols are not up to your standards. Read on to learn more about whether Zoom is secure and how you can avoid the most common security issues using targeted cyber security awareness training for employees
What Is Zoom?
Zoom is a video and audio-conferencing software that allows people to communicate with one another remotely, providing a platform for virtual meetings, webinars, and online classes. Available either through the web or as a downloadable app for computers and mobile devices, Zoom allows participants to join a meeting from any location, as long as they have a reliable internet connection and a device with a camera and microphone.
The software offers a range of features, including screen sharing, recording, virtual backgrounds, and breakout rooms, and participants can also chat with one another during the meeting, and the host can mute or unmute participants as necessary. These features, alongside reliable video and audio communication, have made Zoom a popular business app, particularly as colleagues and clients have switched to remote working. Today, it is used by businesses, educational institutions, and individuals worldwide to stay connected while working remotely.
Potential Zoom Security Risks
The rise of Zoom over the past five years has made it low hanging fruit for cybercriminals, and while Zoom can generally be considered secure, there have been significant issues which, if not guarded against, can become serious problems for cybersecurity teams. For example, in January 2023, fake Zoom apps were being distributed by cybercriminals to deliver malware, and once istalled a banking trojan attempted to steal sensitive payment information. Back in August 2022, there was also an issue with Zoom installed on macOS systems where cybercriminals could take control of the operating system and cause havoc.
Like most digital services in the 21st century, Zoom has been quick to act on issues such as the above, creating patches, updating software, and raising awareness surrounding the download of their app. However, there are still some common issues Zoom users face that are difficult to stop without user vigilance. These include:
- Uninvited guests – Zoom meetings can be vulnerable to "Zoombombing," where uninvited guests join a meeting and disrupt it with inappropriate content or by sharing their screens. This can be prevented by using the meeting ID and password, as well as the waiting room feature to approve participants before they join.
- Malware and phishing attacks – Hackers may use Zoom to send malicious links or files that can infect devices with malware or steal personal information. This risk can be minimized by only clicking on links or files from trusted sources and keeping anti-virus software up to date.
- Privacy concerns – Zoom has faced criticism for its privacy policies, which have been updated in response to concerns raised by users. It is important to review the platform's privacy policies and settings to ensure that you are comfortable with how your personal data is being used.
- Encryption – There have been concerns about the level of encryption used by Zoom, which has been updated to provide more secure encryption. However, there are still some concerns about the use of end-to-end encryption and data privacy.
- Data breaches – Like any online platform, Zoom is susceptible to data breaches, which can compromise user data. To minimize this risk, it is important to use strong passwords, keep software updated, and avoid sharing sensitive information during Zoom meetings.
Tips to Stay Secure When Using Zoom
Despite the challenges facing cybersecurity teams and Zoom privacy, there are several ways that both individuals and organizations can implement through proper security awareness training & user behavior. These include:
- Using strong passwords — Ensure you set strong passwords for your Zoom account and for each meeting, and avoid using simple passwords or sharing passwords with others.
- Not sharing meeting links publicly — Never give out meeting links on public forums or social media. Instead, send the links directly to participants through email or other secure channels.
- Using waiting rooms — Activate the waiting room feature to control who enters the meeting. This allows you to review each participant and approve or deny access.
- Use authentication features — Two-factor and multi-factor authentication can add an extra layer of security to your account.
- Keeping your software up to date — Ensure your Zoom app is up to date and that you have the latest security patches and features.
- Using end-to-end encryption — Use end-to-end encryption to ensure that your conversations are private and secure.
- Avoiding file sharing —Avoid sharing files during the meeting, especially if they are sensitive or confidential. If necessary, use secure file-sharing services to share files with participants after the meeting.
- Being cautious of phishing scams —Remember to stay vigilant for phishing scams that may use Zoom as a way to trick you into revealing personal or sensitive information. Avoid clicking on links or downloading attachments from unknown or suspicious sources.
Zoom Alternatives for Video Conferencing
Today, there are many alternatives to Zoom as a video and audio-conferencing system, with many offering other useful features that can help teams and individuals raise productivity through streamlined collaboration and communication. Below, we briefly tour some of the most popular alternative apps that may help you sidestep Zoom security issues entirely.
- Google Meet – Google Meet is a video conferencing platform that is integrated with Google Workspace, making it a popular choice for businesses that use Google's suite of productivity tools. It offers features like screen sharing, virtual backgrounds, and real-time captions.
- Microsoft Teams – Microsoft Teams is a collaboration platform with video conferencing. It offers features like screen sharing, file sharing, and virtual backgrounds and is integrated with Microsoft Office.
- Skype – Skype is a popular video conferencing platform that has been around for many years. It offers features like screen sharing, file sharing, and instant messaging and is available on a range of devices.
- Cisco Webex – Cisco Webex is a video conferencing platform that is popular with businesses. It offers features like screen sharing, recording, and virtual backgrounds and is known for its strong security features.
- GoToMeeting – GoToMeeting is a video conferencing platform that offers features like screen sharing, recording, and virtual backgrounds. It is popular with businesses of all sizes.
Conclusion: Zoom Security
Zoom security has been a topic of concern for many users and organizations, especially since the platform has gained widespread popularity over the past few years. While Zoom has taken steps to improve its security features, there have been several incidents of security vulnerabilities and breaches in the past, and this remains an issue for cybersecurity teams trying to protect their users and organizations. That said, Zoom can be considered relatively secure, and, of course, there are many alternatives on the market for you to choose from if you feel it does not live up to your standards.
For more information on Zoom security issues and how you can keep your staff up to date with the latest threats, contact Mimecast today to discuss your concerns and explore our blog for more insights into cybersecurity and your industry.