COVID-19 Resources

Assessing Risks of Zoom Video Conferencing

By March 25, 2020May 2nd, 2020No Comments

Introduction

There has been much coverage in the press about security and privacy concerns surrounding the use of the Zoom. Several high-profile organizations have forbidden its use. Aside from the specific cases identified, using Zoom for video conferencing presents a relatively low risk.

Privacy Risks

Zoom addressed the privacy shortcomings that surfaced during the COVID-19 crisis. Host features that determine the “attention” level of attendees, and integration with Facebook that disclosed Zoom user data have been removed. As with other video conferencing solutions, public Zoom meetings are at risk of “meeting bombing – that is, uninvited attendees entering the meeting.

Security Risks

All video conference solutions use some degree of encryption to safeguard data data in transit over the internet. Decrypted data is theoretically open to view, raising the concern that Zoom and other providers can “spy” on conference content.

Mitigating Risk

  • Use Microsoft Teams for internal video calls;
  • Requiring passcodes;
  • By default, block audio and video of public attendees;
  • Control access to the Q&A or chat feature; and
  • Keep video conferencing software up-to-date