We Need To Talk About Zoom

As everyone knows video conferencing company Zoom has enjoyed huge growth on the back of the Covid-19 pandemic.

But, equally, it has received lots of bad publicity due to its numerous security flaws. These include the obvious, such as "Zoom-bombing" - where unwanted strangers join existing meetings and disrupt them. These antics have ranged from stupid to the downright offensive and obscene. To counter this, all meetings should be password protected - the password should not be easy to guess and should be used once only. Also, your meeting name should be as anonymous as you can make, so do not use your company name or call it anything that might attract the wrong attention. Calling it "Secure meeting for XYZ Company" - you may as well hire a marching band too. Please feel free to be creative with your deception, if you have an important meeting call it something innocuous, such as "Dads Football Chat".

The best way to avoid numerous security issues is not to use the downloadable software version - only use the web browser add-on. Unfortunately, Zoom does its best to hide the link to this version - look for the link "join from your browser" or something similar. The browser version is more secure because it operates within the security constraints of your browser and does not install on your system or have direct access to it - it also tends to be more frequently updated.

Also, installing the software version on your computer can be fraught with technical issues, so even if your PC is not technically compromised in some way, the software may not work well with your PC.

Once you are over the obvious technical hurdles, it still pays to be cautious about what you discuss over Zoom (or any other video conferencing software). We recommend not discussing client or customer details that may be sensitive. It is better to keep conversations general and restricted to routine matters only. Also, please do not discuss sensitive technical information, such as passwords or account access to other services, bank details, bank payments or anything that could be used by a hacker - basically, you need to keep topics as boring and routine as possible - just like most real-life meetings.

If you are talking directly to clients, make sure they are happy and able to use Zoom or any other video-conferencing system. You may wish to try a short trial meeting first to iron out any issues. If your customer or client is reluctant to use Zoom, for whatever reason - do not use it. They could well be at home using a PC with a pre-existing compromised system. Much better to revert to the phone or meet in an empty car park or sit opposite ends of a park bench and chat. Keep your distance of one or more metres apart and keep it brief. Your client may also appreciate that you went the extra mile when many others would not.

Even when using the web browser version, you may be vulnerable if existing malware is already on your PC, malware that can record keystrokes or listen to your microphone or access your webcam.

Ultimately, the liability rests with employers to provide employees with the best IT equipment, security software and the frequently forgotten element - training. As systems become more secure and communications are routinely encrypted the person, the employee, remains the weakest link. Remember - never feel rushed or pressured into doing something - particularly on a Friday afternoon or out-of-hours. If you get an email or message purporting to be from your boss requesting something urgently (information or payment) call your boss on the number you have for them - not on any number providing in the message or email.

Query everything and take nothing for granted.