As millions of Americans have become displaced from work and school, Zoom has become a household name. The platform allows users to hold group videoconferences remotely, including the ability to share screens – an asset for many, and Precision Legal Marketing is no exception.
With COVID-19 tearing through our nation, many have begun to work and learn remotely. Businesses are conducting meetings and schools are conducting lessons on the Zoom platform. The media has always had a flair for dramatics and sensationalizes quite a bit. So, with all of the hype surrounding Zoom’s security and the new “Zoom bombing” trend, we wanted to provide some information and to dispel some of the untruths floating around out there.
While there is quite a bit of negativity surrounding Zoom right now, there are ways to mitigate these security risks by following some best practices (listed at the bottom) when using the application.
Just this past week, the FBI issued a warning about Zoom videoconferencing and how individuals were hijacking VTCs (aka Zoom bombing) in an effort to spread hate speech, pornographic materials, threatening language and/or other disruptive content. Law firms, in particular, have begun using Zoom videoconferencing more, with COVID-19 forcing many of them to close their offices. Zoom bombing can be particularly frightening when you’re sharing attorney-client information, which is likely confidential.
As a result of this concerning security breach, multiple state attorneys general are joining forces to scrutinize Zoom’s privacy and security practices. A Zoom spokesperson, in response to the state attorneys general inquiry, stated, “We appreciate the outreach we have received on these issues from various elected officials and look forward to engaging with them.”
To address the concerns surrounding Zoom’s privacy and security, Zoom CEO Eric Yuan released the following statement:
“We did not design the product with the foresight that, in a matter of weeks, every person in the world would suddenly be working, studying, and socializing from home. We now have a much broader set of users who are utilizing our product in a myriad of unexpected ways, presenting us with challenges we did not anticipate when the platform was conceived.”
Beyond Operator Error
Leading up to the pandemic, Zoom was under fire for several well-publicized security flaws. In mid-2019, security researcher Jonathan Leitschuh made public his findings on a vulnerability affecting Zoom users on Mac. Here are his findings:
- Hackers were able to turn on your Mac’s webcam and force you to join a Zoom call – without your permission.
- Any webpage could cause a Denial of Service (DoS) on a Mac by repeatedly joining a user to an invalid call.
- If you installed the Zoom application and then uninstalled it, your system would still have had the localhost web server, which was able to re-install the Zoom application – without your permission.
After this information was released to the public, Zoom and Apple worked together to fix these vulnerabilities.
Here’s what you might not be aware of – Zoom has been collecting and sharing your information with third parties, including Facebook. While this is a clear breach of our privacy, many don’t quite understand the ramifications of third-party information sharing. At this point, we would like to call your attention to the Facebook/Cambridge Analytica scandal, which provides more than enough reasons why third-party information sharing is a complete and total invasion of our privacy.
Class Action Lawsuit
That’s right, it’s gone beyond just an inquiry from state attorneys general. A class action lawsuit was filed against Zoom Communications on March 30th, 2020, in the United States District Court for the Northern District of California by Robert Cullen, individually and on behalf of all others similarly situated.
Zoom Best Practices
- This may seem obvious, but there’s a reason we’re saying it AND listing it in the top spot: DO NOT post Zoom links in public spaces, such as your website or social media posts.
- Do not make meetings public. Require a meeting password or use the waiting room feature to control the admittance of guests.
- Do not share a link to a teleconference on an unrestricted social media post. Provide the link directly to the intended guests.
- Manage screensharing options and allow “host only” screensharing, unless it’s necessary for your client to share their screen.
- Ensure your Zoom application is updated – in January 2020, Zoom released software and security updates.
- Disable annotation if you don’t need it. This disables it for EVERYONE, so be sure you won’t need it before disabling.
- Uncheck “allow removed participants to rejoin” so that participants you remove cannot rejoin the meeting.
- If you don’t want people to join the meeting before the host, simply uncheck the “join before host” option.
- Once everyone has joined your meeting, you can lock your meeting so that others cannot join.