One Year On, Is Zoom Safe to Use?

Shimon Sorga 19-Mar-2021 15:08:00

It's been a couple of years since many of us said goodbye to our offices and started working from home, and for a lot of us, this was our first experience working remotely, so it took some time to get used to this new normal.

During this time, Zoom has become more than a descriptive word; it has become integral to the way we work and stay connected. We are, of course, referring to Zoom, the video communication software. At some point or another, we have used Zoom to host or join a meeting with a colleague, client, friend, or family member.

Thanks to the pandemic, Zoom added more users in the first quarter of 2020 than it did during the whole of 2019. Zoom took off over other platforms like Microsoft Teams and Google Meet due to its easy setup, usability, and free meetings for up to 100 people. However, its rapid and unexpected growth led to an increased focus on the company’s security practices and privacy promises. So, one year on, is Zoom safe to use? Read on to find out.

What Are The Main Zoom Security Issues?

Before we conclude on whether Zoom is safe, let’s take a look at some of the biggest Zoom security issues and privacy concerns around the platform.

Are Zoom Phishing Scams A Concern For Users?

Yes, Zoom phishing scams should be a point of focus for all users. At the height of 2020, the Better Business Bureau warned Zoom users that scammers were trying to steal their usernames and passwords via phishing emails and text messages. A few years later, the same Zoom security issue remains.

The scam messages, designed to cause panic, warned that "your Zoom account has been suspended" or that "you missed a meeting," and offered a helpful link to log back in. By clicking the link, you would be taken to a fake login page designed to capture your Zoom user credentials, allowing hackers to use or steal your Zoom account. While we’re seeing fewer Zoom phishing campaigns like this, as long as Zoom remains popular, we won’t be free from these scams - so stay alert and think twice before clicking on any links.

What Is Zoom-Bombing & How Does Zoom Address It?

Zoom-bombing, which emerged as a significant threat to users when Zoom's popularity surged at the beginning of the pandemic, refers to unauthorised individuals disrupting Zoom meetings. In a move to combat these intruders, Zoom released two features:

  • Suspend Participant Activities: Lets the meeting host pause the meeting, kick out disruptive participants, and then resume it.
  • Report by Participants: Extends to meeting participants the ability to report disruptive participants, an option previously given only to meeting hosts.

While these features don’t stop Zoom-bombing from happening, they do enable hosts to swiftly get rid of unwanted meeting attendees.

Did Zoom Make A False End-To-End Encryption Claim?

Zoom landed itself in hot water in 2021 when it was discovered that its end-to-end encryption (E2EE) wasn’t what it said on the tin. Instead of calls being E2EE between participants, the data was only encrypted between each meeting participant and Zoom’s servers – meaning it wasn’t truly end-to-end encrypted.

Since then, Zoom has rolled out an E2EE meeting option into its platform in 4 phases. The first phase was rolled out in October 2021; however, enabling E2EE in your meetings disabled certain features, including joining before the host, cloud recording, streaming, live transcription, Breakout Rooms, polling, 1:1 private chat*, and meeting reactions*.

*Note: As of version 5.5.0 for desktop, mobile and Zoom Rooms, these features are supported in E2EE meetings.

Since then, Zoom has rolled out its E2EE service across more platforms. You can read more about Zoom’s plans here.

Are There Ongoing Security Flaws In Zoom That Could Pose Risks?

Zoom has a long list of security flaws. Many of them have now been fixed, but this raises the question of how many more undiscovered vulnerabilities are still available for hackers to exploit. It highlights the need for everyone, including Zoom users and its development team, to stay alert and work together to find and fix security issues. This teamwork is crucial for keeping Zoom secure and dependable.

Can Zoom Be Trusted?

Zoom is far from being the only video conferencing app with security issues. Services such as Google Meet, Microsoft Teams, and Webex have all received flak from security experts over privacy concerns. However, Zoom has been involved in multiple lawsuits over the last year. In 2018, Zoom secretly installed a web server on Macs that let websites spy on users and re-installed the Zoom meeting software even after the user had deleted the program. And it told customers that recorded meetings stored on Zoom servers would immediately be encrypted, which wasn't always true.

The Federal Trade Commission recently announced that Zoom "misled users" and "engaged in a series of deceptive and unfair practices" regarding its own security.

The decision, issued by U.S. District Court Judge Lucy Koh in San Jose, comes in a potential class-action lawsuit that includes claims related to “zoombombing,” encryption practices and data-sharing with Facebook and other outside companies.

It was agreed that Zoom would have yearly internal security reviews and external security reviews every other year, and must implement a vulnerability management program. Another stipulation was that Zoom offer customers multi-factor authentication, which it has already implemented. "Zoom is also prohibited from making misrepresentations about its privacy and security practices," the FTC said. Certainly, a big step in the right direction.

Is Zoom safe to use yet?

Despite Zoom’s checkered past, it boils down to what you are using the platform for and how you use it. For example, Zoom isn’t the place to discuss confidential government, corporate, or patient information.

But for social get-togethers and workplace meetings (that stick to routine business), Zoom is safe enough. Of course, there are a few security best practices to follow when using the platform to keep you extra secure.

Zoom security best practices

In April last year, I wrote an article about how to stay safe on Zoom that included tips on how to set up your account and schedule, share and host your meetings safely. Since then, Zoom has faced more criticism over its security, so what else can you do to keep your business safe?

Safeguard your account

Treat Zoom like any other account and apply the basics to protect it. Never use the same password twice; if Zoom were to suffer a breach, that password could be used to try and access other corporate accounts. Be sure to use a strong and unique password; if you have a password manager, it should generate one for you. Add another layer of protection with two-factor authentication – this requires you to enter a special code sent via text, email or app when logging in to prove it’s you.

After you register, you’ll get a Personal Meeting ID (PMI). It’s best to avoid making it public, and because Zoom offers an option to create public meetings with your Personal Meeting ID, it’s quite easy to leak that ID. If you do, anyone who knows your PMI can join any meeting you host, so share this information wisely.

Learn to identify fake emails

As mentioned above, Zoom phishing campaigns are a popular way for bad actors to steal your account details.

There are some common red flags to look out for when it comes to phishing emails such as bad grammar, misspelt words, urgent calls to action, discounts, fonts, logos, and colours that don’t match the brand. Check out our blog on “How to Spot a Phishing email” for more details.

Another scam to be on the lookout for is unexpected Zoom meeting links. Whether the link comes from someone you know or an account you’re not familiar with, don’t click on it. Use the tips above to determine whether the email is legit. If in doubt, get in touch with your IT department for advice.
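As an added example (not part of the original article), here is one way an IT team could automate the "where does this link really go?" check for the suspended-account and missed-meeting lures described above. The trusted domain list, the function names and the sample message are assumptions made for illustration; the `.example` hosts are constructed.

```python
import re
from urllib.parse import urlsplit

# Assumption: domains treated as genuinely Zoom-operated; adjust for your organisation.
ZOOM_DOMAINS = ("zoom.us", "zoom.com")
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

# Constructed sample message, modelled on the lures quoted in this article.
SAMPLE = """\
Your Zoom account has been suspended. Log back in here:
https://zoom.us.account-verify.example/signin
You missed a meeting! Review it: http://zoom.us@meeting-review.example/j/123
Weekly catch-up: https://us02web.zoom.us/j/0000000000
Lunch menu: https://news.example/today
"""


def classify_link(url):
    """Return 'zoom', 'insecure', 'lookalike', 'unrelated' or 'malformed'."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return "malformed"
    # .hostname drops any "user@" prefix and port, so it is the host the
    # browser would actually contact.
    host = (parts.hostname or "").rstrip(".")
    on_zoom = any(host == d or host.endswith("." + d) for d in ZOOM_DOMAINS)
    if on_zoom:
        return "zoom" if parts.scheme.lower() == "https" else "insecure"
    # Zoom branding anywhere in a link that does not lead to Zoom.
    return "lookalike" if "zoom" in url.lower() else "unrelated"


def flagged(text):
    """List (url, verdict) for every link in text that needs a second look."""
    results = []
    for match in URL_RE.finditer(text):
        url = match.group(0).rstrip(".,;!?")
        verdict = classify_link(url)
        if verdict not in ("zoom", "unrelated"):
            results.append((url, verdict))
    return results


if __name__ == "__main__":
    for url, verdict in flagged(SAMPLE):
        print(f"{verdict:10} {url}")
```

A "zoom" verdict only means the link points at a Zoom-operated host; an unexpected invite on a genuine host still deserves the caution described above.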

Protect your meetings with a password

Setting a unique and strong password for each meeting remains the best way of ensuring that only the people you want in your meeting can attend. Last year, Zoom made the sensible move to turn password protection on by default. But just to be clear, your Zoom account password and meeting password are not the same – they are two different passwords.

Remember, we’re trying to keep the baddies out - never share your meeting links, meeting ID, or your meeting passwords via social media or any other public channels. You should also avoid reusing meeting passwords.

Join Zoom meetings through your web browser

While you may find that the quality of your video call is better on the app, the web browser version gets security enhancements much faster.

And aside from the updates, the web version is still more secure. That's because it lives in a browser's sandbox, meaning it has far fewer permissions and a reduced ability to cause issues across your entire operating system.

When you click a link to join a meeting, your browser will open a new tab and prompt you to use or install the Zoom desktop software. But in the fine print, there's a link to "join from your browser." Click that instead.

So, there you have it, the answer to “is Zoom safe?” Providing you take the right preventative measures and only use Zoom where it is appropriate, you should be okay.

Netitude has been delivering secure, reliable and productive IT for business growth since 2001. If your business needs advice, additional IT support or business technology solutions, get in touch with one of our experts today, we're always happy to help!