Is Zoom Safe or Not – Unveiling the Cybersecurity and Data Privacy Challenges

27
Digital Transformation, Data Security, Cyber-threats, Cyber-attacks, Cyber criminals, Data Breach, Zoom, COVID-19, Coronavirus, Zoom bombing, Remote working, Work from home, IT, California Consumer Protection Act, Facebook, iOS, WebEx, Skype CEO, CTO, CIO, CISO, Digital Transformation, Data Security, Cyber-threats, Cyber-attacks, Cyber criminals, Data Breach, Zoom, COVID-19, Coronavirus, Zoom bombing, Remote working, Work from home
Is Zoom Safe or Not – Unveiling the Cybersecurity and Data Privacy Is Zoom Safe or Not – Unveiling the Cybersecurity and Data Privacy ITSW

Zoom daily meeting has suddenly become a choice of collaboration for remote teams, the number of participants growing from 10 million in December 2019 up to 200 million in March, due to the COVID-19 situation

The sudden rise in demand for remote conferencing platforms has resulted in the exponential rise in the number of Zoom users. A 500% rise in the daily traffic to the Zoom platform has exposed users to certain privacy and cybersecurity issues. Unsurprisingly, recently Zoom’s shares have increased 74% while the global stock market is down by 21%.

COVID-19 – Enterprises Are Facing Challenges Due to a Massive Shift into Remote Working

Concerns and Allegations

Many privacy and cybersecurity concerns regarding Zoom have come up, including the below allegations:

  • Zoom sending data of its iOS app users to Facebook for an ad, even if the user is not on Facebook
  • Zoom’s window version is vulnerable to attackers who can send malicious links to users’ chat interfaces to gain access to the network credentials
  • Zoom doesn’t require a user’s consent before allowing the host to record the session
  • A security flaw is found in the platform that enables hackers to take over a user’s Mac, including tapping into the webcam and microphone
  • Zoom has access to unencrypted video and audio from meetings
  • Zoom has been alleged for violating the California Consumer Protection Act

Zoom Response

In response to all these concerns and issues, Zoom unveiled a new privacy policy on 29th March. Zoom has confirmed that it does not sell users’ data and that it completely complies with privacy rules, laws, and regulations.

Ways to Enhance Security and Privacy

With the increased number of privacy concerns, businesses are carefully weighing the risks and benefits of using Zoom conferencing over other platforms like WebEx or Skype. Companies who are still relying on Zoom are focusing on revising or implementing privacy protocols that leverage secure video conferencing software to mitigate associated privacy risks.

Automation Is Booming – Robots Are Taking Over Amid Lock-downs

Looking at the massive risks that have been introduced,  cybersecurity experts have highlighted some precautions that could help keep users safe:

  • To mitigate the “Zoom bombing” risk, the setting should only allow the host to share the screen.
  • The hosts should use a “waiting room” for all meetings— to ensure that the new attendees are approved before joining the meeting.
  • The hosts should generate random meeting IDs instead of Zoom-generated links or their personal meeting ID.
  • Users need to keep their microphones and cameras turned off unless they are speaking.
  • Hosts need to prohibit local recording in order to mitigate the risks of disclosure of confidential information. The local recording option should be disabled before discussing proprietary or confidential information.
  • Businesses should prefer using Zoom webinars over meetings whenever possible. Because webinars don’t include group participation, they are much less attractive targets for hackers with fewer security vulnerabilities.

With the unexpected situation of COVID-19, the dependency of businesses on collaborative communication tools has increased. Though these tools are now featuring automatic backup of stored data, end-to-end encryption, and seamless user interfaces to revolutionize remote working to help organizations cut costs on infrastructure. With the nature of cyber threats becoming increasingly complex, these tools will need to catch up by continuous evolution to ensure ease of use by not affecting the cost of security or efficiency.