Is Zoom Safe & Secure?

date : 17 June 2021 “ Is Zoom dependable ? Is Zoom going to compromise our cybersecurity ? ” These are some of the questions asked by our clients and prospects about the video recording conferencing service. In this web log, we give you a clearer answer for the wonder on the video recording conferencing solution ’ mho condom and security .
A promptly count at some of the concerns related to the video conference solution that we cover in this web log :

soar has become so omnipresent that even nursery kids are immediately using “ Zoom me ” as a verb to communicate. My five, yes, 5-year old nephew does his english tuition over the Zoom app and is amply comfortable with annotating, switching off the camera when he is being naughty and even muting the microphone during ‘ Zoom meetings ’ when he wants the teacher to think there is an internet connectivity problem .

So, is Zoom secure or not? 
Let ‘s get straight to the decimal point. For most organisations who have a decent degree of security measures in target, yes, Zoom is dependable. But wait ! Before you move on to another blog on our site, there is much more to the answer than a dim-witted yes. Let me explain .

What sector are you in and what are you discussing? 

The inaugural motion you should ask is what do you do ? Are you in the arms manufacture commercial enterprise for a especial government unit ? Are you discussing National Security Topics or extremely medium data that, if intercepted, could actually impact the area ‘s security ?
You get the point. If your subject of discussion is extremely sensible and you do n’t want any interception then you should NOT be using Zoom. As a matter of fact, you should not be using any vane conferencing solutions available. We may write another web log for desirable alternatives .
Do n’t forget, most modern ‘smart ‘ devices are listening to your every word and in the case of Samsung, for exercise, they were absolutely capable about it. Samsung’s T & C said “ if your speak words include personal or early sensitive information, that data will be among the data captured and transmitted to a third gear party through the practice of Voice Recognition. ” More information here .
Let ‘s not forget about Amazon ‘s Echo, Google ‘s Smart speakers and every early “ smart device ” in your base .

Take a risk-based border on

Continuing from the above incision, the dim-witted answer to any interrogate, not merely “ Is Zoom procure ? ” is to take a risk-based approach. here are some questions you should ask before you use any software :

  • What sector is your organisation operating in? 
  • Does it trade in/create/store state secrets, intellectual property?
  • Is your organisation covered by any specific national security confidentiality requirements? 
  • Is interception of your discussions, phone calls and meetings going to compromise your business or affect national security? 
  • What does your specific government say about the software provider, in this case Zoom? 

 

Wait! Zoom is a Chinese Company!

No, Zoom is a US-based party. Founded and headquartered in San Jose, California, it ’ s publicly traded on the NASDAQ. In fact, the company ’ south CEO and Founder clarified in his blog last year that Zoom has absolutely no connections with the chinese government. He besides added that he ‘s been an american citizen since 2007, living in the US since 1997 .
The Queen and UK Prime Minister manipulation Zoom, so it must be safe against cyber attacks, discipline ?
Yes, they do and I can assure you ( well, let ‘s hope I am right ) that person somewhere must have done a contextual hazard appraisal based on what was going to be discussed, the sensitivity of the topics and more, before allowing them to join a Zoom meeting room .

What do the US and UK Governments say about Zoom?

There is a special Zoom app for the US Government created by Zoom called ZoomGov. In compendious, the datum stays in the US only. There is something like by Microsoft for Microsoft Teams. It ‘s got to do with US FedRAMP and sealed acceptable baselines. guarantee you do your research .
There is a short ton of guidance on Zoom but here are some links by the US and UK governments. They are either PDFs or websites .

  • There is more information here from the US Government CISA.
  • The UK’s NCSC has a one page Infographic here.

How to Use Zoom to Test Your Cyber Incident Response Plans? 

At Cyber Management Alliance, we regularly behave Cyber Crisis Tabletop Exercises for clients including banks, councils, sporting organisations, pharmaceuticals and more.

Before the Covid-19 pandemic, we conducted most tabletop exercises at the customer site or in special offsite locations. Since the beginning of March 2020, we switched all cyber tabletop sessions to remote and started using Zoom. At that time it was the only one that offered breakout board functionality, a feature we rely on for successful tabletop and incipient reception testing exercises .
For the commemorate, we have besides used MS Teams and Google Meet for conducting crisis tabletop exercises without excessively many issues .
New call-to-action

Murphy’s Law & Cyber-Attacks 

( The Law that states ‘ major Incidents entirely happen on Weekends or Holidays ’ : )
Murphy ’ randomness law dictates that most cyber-attacks are only detect and hence bring havoc on Friday evenings in the West or Thursday evenings in the Middle East. consequently, most, if not all staff, are out of agency, at base or travel. Pandemic or not, testing of Incident Response Plans through a virtual conference board alone makes sense .
It ’ randomness best to practise responding to a crisis through a chopine that lends itself well to a chaotic situation like a security system incident and one that you will probably be using when you are under attack .
In our impression, Zoom is pretty seamless, it rarely has technical glitches if everyone has a decent internet connection, you can share screens, put people in waiting rooms or break rooms, making it ideal for managing a cyber crisis, particularly in the stream business environment .

Better Alternatives to Zoom?
Yes, there are excessively many to list here. here are some others that we use regularly .

  • Microsoft Teams : Thank the Almighty that Lync and Skype are out of the mental picture.

    Microsoft Teams

    is actually quite a good business communication platform and it ’ s getting dear. It never had some of the democratic functions of Zoom such as Zoom Rooms and Breakout Rooms but now the latter is being introduced gradually.

  • Google Meet: An increasingly robust video conferencing solution, : An increasingly robust video conferencing solution, Google Meet has promptly become very popular as an alternate to Zoom. however, it lacks the break room functionality which I love to bits .
  • There are some others like Blue Jeans for video conferencing, live streaming and connected rooms. Join Me is considered good for screen share and team collaboration. Further, if you want to record your virtual meetings or presentations, you can use a screen recorder like Movavi.

WARNING! None of the above (and that includes Zoom) is a 100% secure solution against data breaches. Like all software applications there will be known vulnerabilities and there will be Zero day exploits for each.  
Please read the UK and US government guidance on how to ensure you better secure your video conferencing connections including, you guessed it, using common sense. 

Read more: Snort – Rule Docs

To enhance your cyber crisis management and cyber resilience capabilities, check out our NCSC-Certified Cyber Incident Planning and Response course. You can besides consider our Breach Readiness Assessment to evaluate if your business is prepare to deal with a cyber-attack .

free cybersecurity trainig

Leave a Reply

Your email address will not be published.