This week, multiple cities, including New York and Washington DC, banned public schools from using Zoom, and the FBI issued a warning about the videoconferencing tool’s privacy and security breaches at the end of March. As the world adjusts to social distancing, there’s no question that Zoom has become an integral part of our lives, from business meetings to yoga classes to happy hours. But Zoom’s incredible surge in popularity (daily usage grew from 10 million people in December to 200 million in March) has resulted in security incidents like Zoombombing, where trolls disrupt meetings and share offensive content. Meanwhile, misleading information from the company about Zoom’s encryption capabilities and a vaguely-worded policy had people worried that Zoom could mine messages and files shared during meetings.
Zoom’s CEO has apologized and said that the company plans to focus on privacy and security but, as evidenced by the FBI and others, the damage might already be done. Here are three things we can all consider when using videoconferencing and other communication services to keep our information secure and private.
Check on the Encryption.
The kind of encryption we use for different scenarios matter. For a book club or yoga class, transport encryption (explanation below) could be sufficient, but for sensitive situations such as a business meeting or a conversation with a healthcare provider, end-to-end encryption is a must. Perhaps Zoom’s most glaring discrepancy is that they claimed that one of its features was end-to-end encrypted meetings, when what it actually offers what is what’s often called transport encryption. Transport encryption protects your video and audio content during a meeting from anyone spying on your Wifi but doesn’t keep it private from Zoom, meaning Zoom could access it. This might be sufficient for more casual situations but when all is said and done, end-to-end encryption is best.
Make Sure You Are in Control of Your Meeting.
After a meeting or discussion is finished, we need to be able to rest assured that the information we’ve discussed can’t be shared further. This week, researchers found thousands of private Zoom recordings exposed online, with recordings covering elementary school sessions that showed students’ faces, therapy sessions and business meetings that included financial details. When it comes to security and privacy, we need to think beyond encryption to consider who has access to the information shared and whether it could be compromised.
Pick a Trusted Provider.
Perhaps the overall takeaway from the current Zoom situation is that businesses must be transparent with consumers about privacy and security. Zoom was consistently vague about the privacy and security they offered – from claiming end-to-end encryption, to a poorly-written policy that suggested they could mine information for ad sharing, to sending data to Facebook without notifying users. The company has since clarified their encryption features and updated their policy. But they are also now facing a class action lawsuit over the data sent to Facebook. Look for businesses that are upfront with consumers and have been thoroughly vetted.
As we consider what tools we use to communicate for business, healthcare and with loved ones, we should look for tools that offer strong security and privacy, protecting our information at all times. Communication over Vaporstream is always end-to-end encrypted and any information you share cannot be forwarded, screenshotted, saved or stored. We know how important it is for you to trust your provider, which is why we’re proud to share that mobile security experts NowSecure chose us as a recommended tool for remote collaboration.
To learn more, schedule a demo