Zoom has become a very familiar component of our lives in part thanks to the COVID19 pandemic. Virtual meetings have hit record levels, one of the success stories has been Zoom. The company went from 10 million daily users to 300 million daily users in a very short period of time. One source of concern for users of Zoom has centered around security. Most recently that topic is encryption. Initially, Zoom stated that only paid-for subscribers would receive encryption, after much public pressure the company relented providing encryption to free users also. Let’s take a look at something you didn’t know about Zoom.
How Encryption Works Within Zoom
Zoom does not provide end-to-end encryption for all of its users. The most important thing to note here is end to end encryption is not enabled by default. If you are a user of Zoom the company will use AES 256 bit GCM encryption. Zoom states that using end-to-end encryption limits some of the functionality of the service therefore users will have to activate it manually and on a per-meeting basis.
Something Else To Add
In addition to the above, you will need first to authenticate the account also, before you will be able to use end-to-end encryption. This will require you to hand over additional pieces of personal data that you may not feel comfortable doing. Zoom explains it will need your phone number for example to verify your account.
Security As A Opt-In Model
Zoom has made many significant strides in a very short period of time but it will come as a surprise to many that Zoom is still plagued with some vague rules around enforcing true security to its offering. Indeed Zoom in its own recent blog highlighted the very points we are making here. However, making security an optional extra is always far from ideal given the nature of the information shared during Zoom meetings.
Without end-to-end encryption, your organization will remain vulnerable to man-in-middle attacks. Allowing criminals to potentially eavesdrop on conversations or potentially alter what information is delivered to the other user. Moreover, your conversations are less secure than you could be otherwise. Potentially you may even be unwittingly violating an agreement with a client or governmental entity.
We welcome the moves Zoom is making towards making the product more secure, you will probably attend a Zoom meeting today in fact! But like with most things the devil is in the details and you should be aware and act accordingly. As always been informed your IT department or external third-party should be your resource for the various latest security standards and threats your organization faces today.
Do you need help preparing your technology for the future? Our vCIO team is ready to tackle your challenges. Contact us today to find out what a vCIO can do for your business.