Reading: Is Zoom Safe & Secure?
rapid climb has become then omnipresent that even nursery kids are now using “ Zoom me ” as a verb to communicate. My five, yes, 5-year previous nephew does his english tutelage over the Zoom app and is in full comfortable with annotating, switching off the television camera when he is being naughty and even muting the microphone during ‘ Zoom meetings ’ when he wants the teacher to think there is an internet connectivity trouble .
So, is Zoom secure or not?
Let ‘s get straight to the point. For most organisations who have a decent degree of security measures in locate, yes, Zoom is dependable. But wait ! Before you move on to another web log on our web site, there is much more to the answer than a simple yes. Let me explain .
What sector are you in and what are you discussing?
The first question you should ask is what do you do ? Are you in the arms fabrication occupation for a especial government unit ? Are you discussing National Security Topics or extremely sensible data that, if intercepted, could actually impact the country ‘s security ?
You get the compass point. If your subject of discussion is highly medium and you do n’t want any interception then you should NOT be using Zoom. As a matter of fact, you should not be using any network conferencing solutions available. We may write another web log for desirable alternatives .
Do n’t forget, most modern ‘smart ‘ devices are listening to your every news and in the font of Samsung, for exemplar, they were absolutely open about it. Samsung’s T & C said “ if your speak words include personal or other sensitive data, that information will be among the data captured and transmitted to a third party through the use of Voice Recognition. ” More information here .
Let ‘s not forget about Amazon ‘s Echo, Google ‘s Smart speakers and every other “ chic device ” in your home .
Take a risk-based approach
Continuing from the above segment, the simpleton answer to any motion, not just “ Is Zoom secure ? ” is to take a risk-based approach. here are some questions you should ask before you use any software :
- What sector is your organisation operating in?
- Does it trade in/create/store state secrets, intellectual property?
- Is your organisation covered by any specific national security confidentiality requirements?
- Is interception of your discussions, phone calls and meetings going to compromise your business or affect national security?
- What does your specific government say about the software provider, in this case Zoom?
Wait! Zoom is a Chinese Company!
No, Zoom is a US-based caller. Founded and headquartered in San Jose, California, it ’ s publicly traded on the NASDAQ. In fact, the company ’ mho CEO and Founder clarified in his blog last class that Zoom has absolutely no connections with the chinese government. He besides added that he ‘s been an american citizen since 2007, living in the US since 1997 .
The Queen and UK Prime Minister function Zoom, so it must be safe against cyber attacks, adjust ?
Yes, they do and I can assure you ( well, let ‘s hope I am justly ) that person somewhere must have done a contextual hazard assessment based on what was going to be discussed, the sensitivity of the topics and more, before allowing them to join a Zoom meet room .
What do the US and UK Governments say about Zoom?
There is a especial Zoom app for the US Government created by Zoom called ZoomGov. In compendious, the data stays in the US only. There is something similar by Microsoft for Microsoft Teams. It ‘s got to do with US FedRAMP and sealed acceptable baselines. guarantee you do your research .
There is a long ton of steering on Zoom but here are some links by the US and UK governments. They are either PDFs or websites .
- There is more information here from the US Government CISA.
- The UK’s NCSC has a one page Infographic here.
How to Use Zoom to Test Your Cyber Incident Response Plans?
At Cyber Management Alliance, we regularly conduct Cyber Crisis Tabletop Exercises for clients including banks, councils, sporting organisations, pharmaceuticals and more.
Read more: Integral of tan x (video) | Khan Academy
Before the Covid-19 pandemic, we conducted most tabletop exercises at the customer site or in special offsite locations. Since the beginning of March 2020, we switched all cyber tabletop sessions to remote and started using Zoom. At that clock it was the entirely one that offered breakout room functionality, a sport we rely on for successful tabletop and incipient response testing exercises .
For the read, we have besides used MS Teams and Google Meet for conducting crisis tabletop exercises without excessively many issues .
Murphy’s Law & Cyber-Attacks
( The Law that states ‘ major Incidents only happen on Weekends or Holidays ’ : )
Murphy ’ south police dictates that most cyber-attacks are lone detected and hence bring havoc on Friday evenings in the West or Thursday evenings in the Middle East. consequently, most, if not all staff, are out of function, at home or travel. Pandemic or not, testing of Incident Response Plans through a virtual conference room only makes sense .
It ’ randomness best to practise responding to a crisis through a platform that lends itself well to a chaotic situation like a security incident and one that you will credibly be using when you are under attack .
In our opinion, Zoom is pretty seamless, it rarely has technical glitches if everyone has a decent internet connection, you can contribution screens, put people in waiting rooms or break rooms, making it ideal for managing a cyber crisis, specially in the stream business environment .
Better Alternatives to Zoom?
Yes, there are excessively many to list here. here are some others that we use regularly .
- Microsoft Teams: Thank the Almighty that Lync and Skype are out of the picture.
: thank thethat Lync and Skype are out of the picture. Microsoft Teams is actually quite a beneficial business communication platform and it ’ s getting good. It never had some of the popular functions of Zoom such as Zoom Rooms and Breakout Rooms but now the latter is being introduced gradually .
- Google Meet: An increasingly robust video conferencing solution, : An increasingly full-bodied video conferencing solution, Google Meet has cursorily become identical popular as an alternative to Zoom. however, it lacks the break room functionality which I love to bits .
- There are some others like Blue Jeans for video conferencing, live streaming and connected rooms. Join Me is considered good for screen share and team collaboration.
WARNING! None of the above (and that includes Zoom) is a 100% secure solution against data breaches. Like all software applications there will be known vulnerabilities and there will be Zero day exploits for each.
Please read the UK and US government guidance on how to ensure you better secure your video conferencing connections including, you guessed it, using common sense.
To enhance your cyber crisis management and cyber resilience capabilities, check out our NCSC-Certified Cyber Incident Planning and Response run. You can besides consider our Breach Readiness Assessment to evaluate if your occupation is train to deal with a cyber-attack .