Introduction
There has been much coverage in the press about security and privacy concerns surrounding the use of the Zoom. Several high-profile organizations have forbidden its use. Aside from the specific cases identified, using Zoom for video conferencing presents a relatively low risk.
Privacy Risks
Zoom addressed the privacy shortcomings that surfaced during the COVID-19 crisis. Host features that determine the “attention” level of attendees, and integration with Facebook that disclosed Zoom user data have been removed. As with other video conferencing solutions, public Zoom meetings are at risk of “meeting bombing – that is, uninvited attendees entering the meeting.
Security Risks
All video conference solutions use some degree of encryption to safeguard data data in transit over the internet. Decrypted data is theoretically open to view, raising the concern that Zoom and other providers can “spy” on conference content.
Mitigating Risk
- Use Microsoft Teams for internal video calls;
- Requiring passcodes;
- By default, block audio and video of public attendees;
- Control access to the Q&A or chat feature; and
- Keep video conferencing software up-to-date
