Life After the Zoom Breaches

May 29th, 2020 | culture and news, security & compliance

In the wake of major security breaches, Zoom has settled with the state of New York with a pledge for greater privacy and default security settings on the now ubiquitous conferencing app.

Details of the settlement include new encryption and security measures to protect users of all kinds (paid, unpaid, teachers, and students). In addition to new privacy controls and a “comprehensive data security” program, they’ve acquired Keybase to help ensure privacy while conferencing at every level.

Background

The COVID-19 outbreak spurred an unprecedented move from office to remote work, from schools to distanced learning and from in-person social gatherings to virtual happy hours and birthday parties. Zoom has been the primary beneficiary of this historic shift.

The problems for the software company began in late March when users began to report “zoombombing.” Zoombombing occurs when an unwanted visitor joins a Zoom meeting. This phenomenon triggered an FBI investigation into the dramatic increase in video hacking. The investigation revealed, among other things, dangerous security flaws in the now incredibly popular software.

Findings included a lack of end-to-end encryption—a system that excludes outsiders from accessing communications between designated individuals—despite Zoom’s advertising its use. Other findings revealed major security flaws, including software that could add users to calls without their permission and give hackers access to users’ Mac computers, including the use of their microphones and cameras.

Motherboard found that Zoom was also selling user data to Facebook for advertising purposes, and while Zoom denied such a claim, the stipulation was included in a California lawsuit that was filed at the end of March.

Moving Forward with Zoom

The now indispensable app has improved security for users of all types, sharing detailed information and instructions for end-users on their website to instill greater confidence while using the app. But for those who are looking for a more detailed look at how to protect their privacy and company information from potential hackers, here are the things you need to know.

1. You Can Now Password Protect Your Meetings

If you’re creating a meeting with coworkers, friends, family, or anyone else, you can now create a password for the invitees. This will prevent any unwanted hijackers from jumping into your meeting unexpectedly. This feature can be found under the “settings” tab once you’ve logged into Zoom.

2. You Can Now Meter Who Joins Your Meeting with Waiting Rooms

Chances are, you learned about this feature the hard way, when one of your team members started pinging you that they couldn’t get into your meeting. The Waiting Room feature is super helpful once you know that it exists. As the host of the meeting, you can now keep every new meeting member in a waiting room and let each one in after vetting their identity.

3. You Can Now Use a Randomly Generated ID

Instead of using your own personal meeting ID, you can create a randomly generated ID every time you invite folks to a new event. This is another way to prevent potential hijackers from jumping into your meetings.

More Tips for Hosting a Successful, Safe Meeting with Zoom

In addition to the new and enhanced features Zoom has implemented in the wake of the breaches, hacks, and lawsuits, there are also some best practices that you can use to ensure that your meetings and online social engagements go smoothly without any unwanted interruptions.

Lock it Down: Once your meeting has started, and all desired participants are accounted for, you can virtually lock the door to your meeting to prevent anyone else from joining. You can do this in the “Manage Participants” tab.

Disallow Screen Sharing: While this isn’t ideal for social calls, it might be a good idea for team meetings at work to prevent any unwanted bombing or accidental show and tell. (We’ve all seen these online by now.) You can do this in the “Security” tab.

Always Update: Software companies like Zoom are always updating their systems to account for the latest breaches, hacks, and potential issues caused by negative outside forces. One of the best pieces of cybersecurity advice for every end-user of just about every type of software is to stay up-to-date on software updates. Zoom is not an exception.

Zoom is not Malware

Contrary to what some experts were claiming at the beginning of the Zoom security controversy, Zoom is not actually malware. It remains to be seen whether the changes they’ve made are foolproof, but in the age of the internet, virtually nothing is 100% foolproof. Zoom has become and will likely remain the go-to conferencing tool for businesses and individuals as remote work and social activities become a regular feature of our daily lives, at least until something better comes along. But whatever may eventually replace it will come with its own set of problems.

Practicing good password hygiene, using secure VPNs, especially for corporate functions, and understanding the best practices for video conferencing are all great ways to keep your personal information and meetings secure in post–COVID-19 life.

For more information on the Zoom settlement, visit DataBreach.

Alicia Townsend, Dir. of Content and Documentation
About the Author

For almost 40 years, Alicia Townsend has been working with technology as both a consultant and a trainer. She has a passion for empowering others to use technology to make their lives easier. As Director of Content and Documentation at OneLogin, Ms. Townsend works with technical writers, trainers and content marketing writers to inspire and empower everyone to take advantage of what OneLogin’s platform has to offer them.
