Does Zoom present a security risk to your business?

Does Zoom present a security risk to your business?

There are many free-to-download platforms available that are not secure and could put businesses in breach of legal obligations when it comes to data protection. This applies especially to tools which are used to store or share content, or which enable teams to communicate. 

With the increasing use of technologies such as Zoom for video conferencing, web conferencing and chat, we’re sharing some security information to be implemented whilst using Zoom. We’ll also look at some recent examples where problems have arisen. 

Some recent challenges presented by Zoom

Zoom bombing. This has recently become apparent in classrooms and some business meetings where hijackers join a meeting yelling out profanities, shouting out personal information or adding offensive logos/pictures to video calls.  

Visible meeting information. On Tuesday, Prime Minster Boris Johnson tweeted a picture of a Cabinet meeting conducted via Zoom, which included the ID number on the screen. The meeting was password protected, so the intruders were hopefully confronted with a strong password. 

Meeting ID Scanning Some intruders have gained access by randomly entering nine-digit numbers until one matches a Zoom meeting ID.  

Domain Spoofing. The popularity of Zoom caused a sharp increase in Zoom-related phishing scams. The number of domains containing the name “Zoom” showed a sharp increase during the COVID-19 pandemic. Many of these are being used to make fake Zoom websites and links for the purposes of stealing personal information or financial gain.  

Data Leakageit has also been reported that there have been occasions where data is being collected and shared between different organisations such as Facebook, when using IOS devices.  

Security Steps we advise to be taken 

  • Ensure meetings/classrooms are private. 
  • Ensure a password is required to join the meeting.  
  • Enforce the meeting room function that keeps all attendees in a waiting room to control the guests accessing the call ahead of it beginning. You can also disable “join before host” to enforce this feature.  
  • Do not share conference details on social media. Provide attendees a specific link directly. If you do share photos of the meeting, make sure the ID is not visible.  
  • Manage screen-sharing options, ensure the screen sharing to ‘Host Only.’  
  • Ensure your Zoom client is up to date. In January, Zoom rolled out a security update that added passwords by default for meetings and disabled the ability to randomly scan for meetings to join.  
  • Do not use the personal meeting ID, instead allow Zoom to create a random number for each meeting. 
  • Disable file transfer where possible. 
  • Disable “allow removed participants to re-join“.
  • We would recommend not using IOS devices when hosting private or confidential calls or videos.  

Implementing the suggestions above should improve your business security whilst using Zoom. If regulations mean your business communications have to take place in a completely secure environment we would recommend Microsoft Teams over Zoom. Take a look at the Teams page or download the comparison guide on this page for more information.

Related insights

Nothing found.

Enabling specialist UK businesses to unleash their true potential.

Get in touch