Use Zoom or not? This question has also been raised by many trainers and personnel developers in recent weeks. At the beginning of April, the news spread that the tool had significant security vulnerabilities. What information is true and what is not? We summarize the facts:
The popular meeting tool Zoom caused significant disagreements in recent weeks. There were discussions between data protection advocates and security experts that did not yield a clear outcome. So what is the current situation? Can I use Zoom without problems for training, coaching, and online seminars? We have gathered the latest information (Status 25.05.2020) for you:
An overview of the criticisms of Zoom
Let's start with the known problems of the platform that triggered this entire debate. Since many media reports have significantly oversimplified the problems surrounding Zoom, there have also been additional uncertainties. To let you know which points were specifically criticized, here is a brief overview:
Disclaimer: Of course, the video conferencing provider Zoom has responded to this legitimate criticism and directly addressed the issues and security vulnerabilities in the next update! And not all problems arose solely from the software provider’s side; some vulnerabilities were created by users themselves.
1. Zoombombing
It was frequently reported that strangers logged into the virtual meetings uninvited and shared inappropriate content. This could mainly be attributed to the fact that anyone with the 9-digit meeting ID could join the conversation directly without further barriers. Zoom wanted to make usage particularly easy, which, however, also resulted in the disadvantage of unwanted intruders.
By using an additional individual meeting password, this problem is quickly resolved. This setting was previously only optional; now it is firmly included in the default settings.
2. Data leaks
In mid-April, it became known that the login credentials of over 500,000 accounts were available for purchase on the dark web. It was also revealed that analytics data and a type of advertising ID in the mobile iOS version of Zoom were shared with Facebook. Experts also warned about the theft of Windows passwords through contaminated links.
This involuntary data sharing with Facebook was terminated in the next update. Furthermore, the hacked login credentials are likely not due to Zoom-specific security weaknesses, as business customers with SSO systems were rarely or never affected by such attacks.
3. Encryption
The weak encryption of the video conferencing provider was also criticized. Zoom had claimed until recently that the meetings were end-to-end encrypted. However, this turned out to be false. Only transport encryption was provided. Access to the actual server and the data stored there could theoretically be obtained.
As part of the next update, Zoom announced that it would strengthen encryption starting with version 5. The current version has been available since the end of April.
4. Server location
The company had rented several server locations through which data traffic was routed. Due to GDPR, it was criticized that data was primarily routed to the USA and through China.
The company responded to this, which is why you can currently choose which server locations besides the USA are allowed. With registration at Zoom, an Order Data Processing Agreement is automatically concluded, and the corresponding terms of use were specified in mid-April. The so-called EU standard contractual clauses have now also been integrated into the contract. This makes usage GDPR-compliant.
5. Installation
Zoom is popular mainly because of its quick use and installation, but there were also problems here. According to experts, especially during the installation on Apple devices, some protective settings were bypassed. This allowed meetings to be inadvertently recorded or access to the microphone or camera could be gained.
Zoom released a statement that they would update the installer and also update the client and have also enhanced the protective settings.
6. Data protection
As an American company, Zoom was also heavily criticized regarding data protection. With regard to the valid GDPR, the company had to upgrade for the European market. Zoom is now also certified under the EU-U.S. Privacy Shield and thus meets the legal requirements for an adequate level of data protection.
However, various experts state that Zoom is currently legally permissible in terms of data protection and can be used. Currently, only the official indication of a representative in the EU is missing in the privacy notice.
Why we still recommend Zoom
Of course, the video conferencing provider was rightly under strong criticism, as data protection is very important, especially for companies. Therefore, we are all the happier that these security issues have been resolved.
Because Zoom has several advantages over other video providers: It is relatively easy to use and provides a stable audio and video connection even with a low internet bandwidth. Additionally, even the free version allows large groups of up to 1000 participants to join the meeting. In our blog, we have already reported in detail why we love using Zoom: Zoom – The best tool for meetings?
What you should still pay attention to with Zoom:
Make sure that you are using at least Zoom version 5 and regularly and especially promptly install new updates.
Despite the additional password, do not share meeting links with people outside your company.
Pay attention to common security recommendations while creating passwords and always send them separately from the actual invitation.
Lock your meeting room for strangers as soon as all invited participants have joined the video conference.
Do not send sensitive files or links to documents directly in the Zoom chat.
You can apply these tips not only to Zoom. When using video services in general, you should be careful not to send important data unencrypted. If you keep these things in mind, there’s nothing stopping you from using Zoom.
Our conclusion on using Zoom
Among video conferencing providers, Zoom is the market leader worldwide. This is probably one of the reasons why the tool has been so heavily criticized. Like any other software, different bugs and other security issues can also arise with Zoom – these are usually promptly resolved. We see this as a significant advantage: Since Zoom is critically viewed by many different experts, errors are recognized and corrected more quickly. This makes the tool even safer for users.
Furthermore, Zoom offers us more advantages than disadvantages. We would gladly align ourselves with the opinion of security researcher Steven M. Bellovin from Columbia University: He writes on his blog that while the security of Zoom is not perfect, the usage is completely unproblematic for normal use and has proven to be very effective even for larger groups due to its ease of use and stable connection. Anyone who wants to use Zoom in a corporate setting for short meetings with colleagues and employees can do so without concerns, provided it’s not about trade secrets. However, if confidential information is discussed that could be of interest to intelligence agencies or hacker groups, we would also advise against using Zoom.
In the end, you have to decide for yourself whether to use Zoom or not. We at blink.it will continue to use the tool, as it is completely sufficient for our areas of application and the benefits clearly outweigh the disadvantages.
What is your personal opinion on Zoom? Feel free to share your experiences with us in the comments.
Would you like to continue to be informed about exciting topics? Then subscribe to our free newsletter and receive a short reminder email with the latest articles in our blog once a week.
Subscribe to the newsletter
Don’t miss any more articles in this blog and receive the latest posts weekly conveniently via email. Just enter your email address in this field!
Do you have questions about blink.it or this article?
Please feel free to write to us if you have questions about the product or specifically about this article. Our marketing team is available to you by email or can forward your request to an appropriate Blinkie 😊
