
Given the security issues surrounding Zoom, what is the most secure, but workable online meeting solution?


Answered by Mark Hofman, Chief Technology Officer, CyberCX

There’s obviously concern around the security of the Zoom product and their history hasn’t been great. There was an application issue last year on Macs and another regarding end-to-end encryption. Zoom say that the conversation is encrypted end-to-end, between two parties or multiple parties, but this is misleading.

Rapid7 have a useful blog that goes through the actual vulnerabilities that were disclosed and the reality of them when using the product; you can find this blog here.

The discussion on Zoom and whether to use it or not depends on your circumstances. If your conversation is confidential, it’s probably best not to use Zoom. Other platforms such as Skype for Business will encrypt end-to-end, and similarly Microsoft Teams has a better security platform. That said, for normal day-to-day use, Zoom is still being used by many organisations and it’s okay.

The more objectionable issue than the vulnerabilities that have already been disclosed is Zoom bombing, where people are dropping in on meetings and posting all kinds of disgusting pictures. That can be stopped by just some configuration changes: use invite passwords to make sure that the person is actually registered with Zoom, or have the waiting room set up so you can prevent access to unwanted guests before they actually join the meeting. Avoiding anonymous meetings is the recommendation for Zoom.

General advice is: if you have the need for a particular product then you need to follow your normal instincts and do a risk analysis. Ask yourself what you really care about and that will help you decide which product is suitable for you.
