Zoom Headquarters

Do You Love Zoom? Consider Some Precautions

The COVID-19 crisis is forcing many of us to adopt new technologies to maintain our daily personal and professional lives. While video meeting technology, specifically Zoom, is not new to the marketplace, it’s being more broadly employed. But in an effort to accommodate your needs, are you sacrificing security and privacy? In short, yes. But if this is the technology you’ve come to know and love, there are steps you can take to manage your use more effectively.

1. Patch your software: The Zoom software was found to contain a vulnerability that allows remote attackers to steal Windows login credentials and, possibly, execute commands on users’ systems. For individuals, this can mean a compromised identity, financial data, or other personal effects. In a business environment, this can open the door for attackers to compromise other users or systems in a myriad of ways, like by unauthorized disclosure of customer data and through ransomware attacks. Zoom has released an updated version of its software to address this security issue; we recommend you adopt the new version.

2. Add a password: Zoom will automatically require passwords when configuring meetings. However, hosts have the option to disable the requirement. If you are hosting, DO NOT disable. If you are a participant, don’t join a meeting without being prompted to input a password.

3. Be careful where you post the link: Even though you’ve enabled a password to the meeting, the password may be embedded in the invite link. Once a person has the link, they can gain access to your meeting. Be sure to share the link only with participants and do NOT post it on public forums.

4. Lock the meeting: You’ve created a meeting with a password, you’ve kept the link private, and all parties are present and accounted for. Now lock the meeting. Simply refer to the Zoom toolbar, click “Manage Participants,” select “More,” then “Lock Meeting.”

5. Avoid posting pictures: It can be tempting to share screenshots from your Zoom meeting. Perhaps you want to share your office’s virtual happy hour in a display of office comradery. Or maybe you’ve put the college gang back together. It’s best to just keep these moments private as sharing pictures could disclose meeting IDs and information that can be used to hack future meetings. Steps 1 through 4 will help mitigate this risk, but why take the chance?

We continue to learn more about vulnerabilities surrounding Zoom. In fact, despite Zoom’s claims, reports confirmed Zoom does not use end-to-end encryption to protect calling data. Zoom instead uses the same technology, Transport Layer Security (TLS), webservers use to secure websites. TLS does provide some level of encryption and will keep people from spying on your Wi-Fi, but it is not end-to-end encryption and your data is still exposed. As well, while Zoom claims that it does not access, mine, or sell user data, the company was caught sharing users’ device information with Facebook.

Despite the red-flags, Zoom remains a popular video meeting choice. It’s free and easy, but mostly, it’s trendy. Still, you might consider other options like Microsoft’s Teams and Skype, Apple’s Facetime with Signal for added privacy, and Google’s Hangouts.

Stay safe and secure.

For more information, contact the Risk Management Advisory at HBK CPAs & Consultants email me at mschiavone@hbkcpa.com.

Please indicate the industry that your company operates in: *

About the Author(s)
Matthew Schiavone is a Senior Manager in HBK’s Quality Control department. He specializes in risk advisory services, system and organization control (SOC) reporting, internal controls, IT audit, information security, and cyber security for all types of industries.
Hill, Barth & King LLC has prepared this material for informational purposes only. Any tax advice contained in this communication (including any attachments) is not intended or written to be used, and cannot be used, for the purpose of (i) avoiding penalties under the Internal Revenue Code or under any state or local tax law or (ii) promoting, marketing or recommending to another party any transaction or matter addressed herein. Please do not hesitate to contact us if you have any questions regarding the matter.