Zoom Security Issues and What You Can Do to Avoid Them
Anyone in business or education can tell you that remote meetings and classrooms are a technological marvel ... when they function correctly.
When the COVID-19 pandemic brought the world to a screeching halt in March of 2020, businesses and schools rebounded by diving headfirst into remote meetings and remote learning. A majority of these meetings took place on Zoom, a virtual meeting forum and video conferencing platform.
While things seemed great at first, a number of Zoom security issues started coming to light that concerned both business and individual users. In this article we'll summarize the most common security concerns with Zoom, and give you tips to avoid them and keep your business and data safe.
Zoom’s Vulnerabilities Uncovered
It wasn't long until Zoom's vulnerabilities were discovered, the hard way.
Three days after Motherboard's investigation revealed Zoom's iOS app was sending analytics data to Facebook, Zoombombers were attacking business meetings and classrooms with raunchy text, audio, and images. These travesties were just the beginning.
The month of April 2020, proved to be a difficult one for Zoom.
From day-one, reports of leaked e-mail addresses and customer content available on the Dark Web were rampant.
Zoom responded immediately, upping security by creating "waiting rooms" for secure entry into classrooms and meetings. However, this effort was too little - too late as far as most school districts were concerned.
Many schools had abandoned Zoom and embraced Google Meet to avoid egregious violations of their students' privacy.
Still, Zoom worked to address and fix their overwhelming security problems (as any business determined to preserve their market share would).
Zoom Ramps-Up Safety Measures & Faces Scrutiny
By mid-April, Zoom announced an update to Zoom 5.0 using AES 256-bit encryption, which would roll out by May 30.
In early May, Zoom purchased Keybase, a security company, and set its sights on developing end-to-end encryption. End-to-end encryption is a security measure that ensures only you and the person you are in communication with have access to your conversations.
The fact that Zoom was entertaining end-to-end encryption unleashed a fiery controversy. The controversy escalated when Zoom announced this security feature would only be available for paid customers.
Even though end-to-end encryption is the safest for users, law enforcement says it makes their job much more difficult.
Companies like Zoom that deal in online communication are urged to create a "backdoor" into their encryption for law enforcement access if necessary. End-to-end encryption has no "backdoor," leaving Zoom and law enforcement at a dicey stand-off.
It seems Zoom's decision to provide end-to-end encryption to only paid customers was an olive branch in the dispute. Even Zoom's CEO, Eric Yuan, admitted the decision was a trade-off that worked with law enforcement instead of against it.
Get your FREE Remote Work Success Guide
Could you use more tips and tools to support and empower your distributed workforce?
In this 5-step guide, you'll uncover some of my top tips to add value to your remote team TODAY.
The Specifics (and dangers) of Zoombombing
Under Zoom's old security format, Zoombombing became a popular violation of seemingly private meetings.
All a person needed to join a Zoom meeting was a meeting link. Meeting hosts who shared links on social media or other public forums fell victim to nefarious Zoombombers who created havoc by posting racist, pornographic, or other racy content in the middle of a Zoom meeting.
Blocking these uninvited guests was ineffective because they still had the meeting link. All they had to do was create a new account and join the meeting again.
New Rules for Zoom Hosts
Meeting hosts quickly became educated on the do's and don't's of sharing links and hosting meetings.
Zoom implemented the "Waiting Room" feature to give session hosts more control over who joined their meetings.
The following is a step-by-step process for utilizing the "Waiting Room" feature to improve Zoom security:
- Click the arrow next to “Share Screen” in the Host Controls at the bottom of the Zoom screen. Select Advanced Sharing Options > Who Can Share. Set to Host Only.
- Use the “Waiting Room” feature to admit attendees one-by-one or all at once with the following settings: Account Management > Account Settings > Meeting > Waiting Room.
- Use the following steps to lock the meeting after it starts. This policy might seem quite unforgiving to late arrivals; however, if everyone knows the rules and the reasoning behind them, there should not be a problem. Click "Manage Participants" at the bottom of the host screen and select "Lock Meeting."
- Finally, the meeting host can stop all uploads throughout the meeting. Follow these steps to deactivate user upload ability: Account Management > Account Settings > Meetings > File Transfer, turn to off.
Zoom’s (more secure) Competition
Even with the deluge of security breaches and other unsavory publicity, Zoom continues to be a widely popular virtual meeting platform. This popularity can be attributed to Zoom’s easy set-up and access.
Ironically, it is these same features that exposed Zoom’s vulnerabilities and began its downward spiral just a few short months ago.
Today, that downward spiral has seemingly corrected itself with added security measures and tips for loyal users. One of these tips is a fundamental suggestion to create strong passwords and change them often.
But if you're concerned by the roller-coaster ride that Zoom has offered business users, let's take a look at the best alternatives to Zoom for people or companies who feel compelled to access a different virtual meeting platform.
Skype vs Zoom
Many people have maintained a loyal connection to Skype, even after other virtual meeting forums hit the market. It’s no wonder. Skype has a lot to offer:
- Like Zoom, Skype is impressively easy to set up.
- Skype can be used over the Web without a download, making it a popular choice for businesses with download restrictions. Zoom has a Web app with no download; however, this version has limited capabilities comparatively.
- Skype meeting time has no limit. Zoom has a 40-minute time-limit for 3+ people unless you upgrade to Zoom Pro at $15 per month.
- Skype’s only paid feature is international calling. Receiving premium security and unlimited meeting time is only available for paid Zoom customers.
- On Skype, 50 people can meet at once with the capability to see 25 at a time. Zoom can accommodate up to 100 online meeting participants with the ability to see 49 at a time.
Google Meet vs Zoom
Recently, Google Hangouts was re-branded to Google Meet. Businesses and school districts with access to G Suite have embraced Google Meet in the wake of the Zoom security breach. And to help out during the Pandemic businesses can use all of the versions of paid Google Meet tiers for free through the fall.
Let’s see what Google Meet has to offer as a virtual meeting platform:
- All levels of Google Meet are free to Google account holders until September 30, 2020. After September 30, Google Meet will maintain a free version with ample features and offer upgraded versions for a $10 monthly fee. Zoom is free for users or $15 monthly to upgrade to Zoom Pro.
- After September 30, 2020, the free version of Google Meet will allow 1-hour unlimited meetings for 100 participants. The paid program delivers a meeting maximum of 300 hours for 150 participants and an unlimited number of meetings. Zoom’s free version has a 40-minute time limit for 100 participants. The paid version offers an unlimited meeting time for 100 participants.
Related: Google Meet for Beginners (a guide)
Zoom Security Issues: Take-Aways
Although Zoom encountered a few dark months, it has addressed its security issues one-by-one and has implemented new measures aimed at stopping customer violations such as Zoombombing.
More advanced security measures such as end-to-end encryption are also being explored, improved, and developed to keep Zoom competitive in a popular market.
While Zoom is somewhat of a giant in the field, it is not the only game in town and the reality is that many of the security issues Zoom has been frantically slapping bandaids on were addressed by Google and Microsoft years ago. Experience and resources matter, and Google Meet and Microsoft's Skype have both in spades.
Businesses and school districts gravitated to Zoom alternatives as a way of continuing business while Zoom was dealing with its firestorm of problems.
Now that the smoke has cleared somewhat, people cannot deny Zoom still has a lot to offer. Its simple sign-up process and user ease paired with the ability to see up to 49 participants in the grid create an impressive platform that fills the video-conferencing needs for many small businesses, nonprofits, and teams.
However, Skype and Google Meet could be a better fit for some, and if you'd like to try out Google Meet's full features (for free), Suitebriar would love to help get your business set up.