Guess what I just finished? No, not the latest Stephen King book, but rather another in an endless string of Zoom video conferences that seem to be the “new normal” for all of us the last three months. With businesses and organizations taking proactive steps to protect employees and staff, almost all have shuttered their brick and mortar facilities in favor of remote working since the COVID-19 pandemic exploded in March.
As millions of new home-bound workers attempt to conduct business with remote co-workers and clients and schools seek to continue educating students, Zoom suddenly became the video meeting service of choice according to c/net. The meeting platform, which accounted for just over 10 million participants in December of 2019, took off in March of this year with 200 million folks using it to an astounding 300 million daily meeting participants in April.
In the beginning, I wasn’t one of the millions of early adopters. Not because I was Zoom averse, but my company was invested in Microsoft Teams, while other clients were on the Cisco Webex bandwagon. My one encounter with Zoom, though, was enjoyable as me and my sequestered family were treated to an 18-minute-long Zoom wedding as the cast of the hit TV show “The Office” reunited.
That has all changed. Zoom has become the default video meeting platform permeating my life. My friends are all using it now. My company has taken a liking to it as we use it to shoot security-vendor interviews for our website, and our clients love to stack our talking heads into my 27-inch monitor for their show and tells, as we catch up on missed trade show visits. Predictably, the rapid migration to home-office environments and the myriad video platforms we are employing to remain viable with our friends, students, co-workers and customers, forgot one thing. Security.
Zoom has been the poster child for bad security practices in our new video reality. While Zoom has since promised it has rectified all its security vulnerabilities, it still serves as a cautionary tale for how a crisis situation that fails to properly vet business continuity contingencies can create almost as much havoc as the crisis itself. Case in point; New York City's Department of Education urged schools to switch to Microsoft Teams from Zoom "as soon as possible," on April 6 when it found security and privacy issues related to the videoconferencing app. That same week, both Google and the U.S. Senate banned Zoom citing security vulnerabilities.
In the midst of the Zoom security kerfuffle, Paul Bischoff, a privacy advocate with Comparitech said that the platform had a couple of issues that made it tough to secure in a school environment. “The problem isn't really with Zoom's security, but more with operational security among those who use it. Teachers might not configure their Zoom settings correctly, allowing third parties to enter virtual classrooms, for example. Invite links and codes are tough to keep private. Zoom also collects a fair amount of personal information about its users, who in this case are a captive audience required to attend class.”
Bischoff added that Zoom also lacked end-to-end encryption, despite what it's marketing would have you believe. “Though I don't think Microsoft offers this either for group video or voice conferencing. That means Microsoft could snoop on video and voice content. All that being said, I don't think average users should be dissuaded from using Zoom, so long as they take certain precautions.”
Apparently, NYC schools felt Zoom had done its due diligence and tightened security and privacy protocols enough to be reinstated in late May. Zoom created a customized version of the platform specifically for the city’s education department and made a series of other tweaks to satisfy broader concerns about privacy and security.
Everything being done to accommodate at-home students and workers are under a microscope right now due to a huge increase in users, so more vulnerabilities are bound to surface.
As Chris Rothe, co-founder and chief product officer at Red Canary stated: “The big benefit of Zoom is that it ‘just works’ which is a massively important benefit in the impossible IT environment created by students being at home. It does pose a security risk but, then again, all computers and applications do.”
