Zoom is a video conferencing platform that has seen a huge increase in use during the Working From Home pandemic that has swept the globe for some reason over the last few weeks. The main reason it is so popular is that it is extremely easy to use and it ‘just works’.

Zoom has its HQ in USA but was, and still is, developed in China.

You may have seen in the media articles claiming that Zoom is not secure. Security experts have concerns that the encryption built-in to Zoom is not as strong as the company claims and that there are privacy problems.

A report published on Friday 3rd April by Canadian security experts Citizen Lab goes into some detail about the problems. It’s not all about Zoombombing (more on that later) but that the security of the platform doesn’t conform to the current standards in that it is not designed using security best practices and Zoom’s own claims of how secure it is are exaggerated.

You can read the report here – https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/

The conclusion of the experts at Citizen Lab is that they would discourage the use of Zoom for the following:

  • Governments worried about espionage
  • Businesses concerned about cybercrime and industrial espionage
  • Healthcare providers handling sensitive patient information
  • Activists, lawyers, and journalists working on sensitive topics

I would agree that if you fall into any of the above categories, do not use Zoom.

If you need an alternative use Teams which is designed specifically for business use and developed and owned wholly by US company Microsoft. Most people who use Office365 already have Teams included in their subscription.

Zoom does have some features you can use to improve security and the company has promised to work on it further. You may have heard of Zoombombing. This is where someone simply guesses the meeting code and joins your meeting by chance. You can stop this by requiring a password to join (set this up when you create the meeting – people joining with a link will not need to enter the password but those joining by typing the meeting ID in manually (or guessing it) will be prompted for a password), or by locking the meeting once it is underway to stop anyone else joining (the host can go to the participants list > More > Lock meeting).

For straightforward ease of use and for (the new) normal day-to-day conversations Zoom is good enough and you can consider the claims about lack of security to apply only to those of you working as spies.

David Hewett – Managing Director – iTeam Solutions Ltd

Share This