Speaking of Zoom…

News and information from the Advent IM team.

From Security Consultant Michelle Horton.

Recently, the first Cabinet meeting was held using Zoom US. Many organisations use systems like Zoom US (other platforms are available) but given the current circumstances, for many, this is a new venture. It raises important questions. Are we aware of the privacy settings and security procedures required and how we can protect ourselves? The implications apply personally as well as for business and other organisations.

The fact Zoom US was used by our Government was shared on Twitter and there were some very pertinent comments around how secure the use of this application actually is. Which I thought raised a good question and after doing some digging, I discovered that this particular platform can be subject to something being referred to as “Zoom Bombing”. This is where unwelcome guests are able to join meetings, share unwanted content across those meetings and generally be disruptive.  This is not just an issue using Zoom, but other platforms also.

I feel the reason that this behavior is possible is that security around these platforms may not really be as considered as it should be and users were “panic” meeting, or should I say, “panic” virtual meeting due to recent government announcements, so therefore in many cases, little or no thought was given to the platform in question, per se.

It is true, we are all adapting to this new virtual way of working and it can be beneficial, the fact these platforms do not require costly software and work with almost any web browser, is very appealing. But there are a few things to consider and that you can do to ensure you keep safe during these times:

  • Do research on the platform, see what principals they have around the security of information and what regulations etc they comply with;
  • Review the privacy settings;
  • Do not publicly advertise the meeting link;
  • Utilise waiting rooms or the lobby facility if available on the platform, this allows the organiser to allow entry into the meeting;
  • Restrict participant tools (listen only mode).

These are all physical things you can do to the platform to keep yourself, your colleagues and your organisation safe. You can also consider how you are sharing documents, what discussions can and should reasonably be held over such platforms; should they only be used to have general catch-up and well-being meetings, and whether  confidential, or business-sensitive matters should be discussed via this medium.

There is no right or wrong answer here as the platform you decide to use and how you use it is completely down to the organisational risk appetite and how much risk they are willing to take. I think as long as you are aware of what the platform records (if applicable) and what it does with the information shared, how to control the privacy settings and how to ensure only authorised people attend, then there is no reason these platforms cannot be used in the current climate and going forward.

Unfortunately, during these difficult times, there are some people out there who see this as an opportunity. Therefore, I ask you to please remember to consider security as one of the priorities when utilising new ways of working.

Keep safe, keep protected, keep business moving.

Share this Post