We Asked A Cybersecurity Expert To Explain How To Safely Use Zoom
The videoconferencing company Zoom, once Skype's more corporate sibling, is finally getting its due as a household name. It was the most downloaded app for both iOS and Android the week of April 1, according to Sensor Tower, trumping even TikTok. But as with anything that offers a literal window into users' homes, the newfound excitement around Zoom comes with some safety concerns.
"If you are going to discuss sensitive information that you wouldn’t want shared with your grandma and your boss, you shouldn't use Zoom," Kristina Podnar, a digital policy consultant who specializes in cybersecurity tells Bustle. For example, if you use a Zoom breakout room with a co-worker to recount a sext exchange you had with your ex, the conversation might not be as private as you think it is.
While you continue to plan your Zoom budget meetings, happy hours, and game nights, the FBI also wants you to know that "Zoombombing" — when someone logs into a meeting they weren't invited to and drops gross or disturbing images — is something you need to watch out for. More than a simple interruption, Zoombombers have posted pornographic content and used racial slurs during video chats, sometimes very sensitive ones like AA meetings. For many Zoom meetings, all you need to log on is an access code — bad news if the code gets into the wrong hands.
In a statement emailed to Bustle, Zoom advised users in large meetings to "review their settings, confirm that only the host can share their screen, and utilize features like host mute controls and 'Waiting Room,'" to stop Zoombombers. It also recommended that private users keep their password protections on. "We are deeply upset to hear about the incidents involving this type of attack," the statement said. "... We strongly condemn such behavior and we encourage users to report any incidents of this kind directly so we can take appropriate action."
What's more, on March 30, The New York Times reported that the New York Attorney's General office expressed concerns that Zoom's built-in security measures might not be able to handle the massive spike in users, not to mention the sensitive data being shared across its network. That same day, users filed a class action lawsuit against Zoom for "unauthorized disclosure of its users' personal information to third parties, including Facebook."
In a blog post on April 1, Zoom CEO and founder Eric S. Yuan addressed the lawsuit, saying, "We recognize that we have fallen short of the community’s – and our own – privacy and security expectations. For that, I am deeply sorry, and I want to share what we are doing about it." Zoom is also undergoing a "feature freeze" so its engineering team can focus solely on privacy and security. Going forward, the company will have third party experts review its privacy policies, and prepare an official transparency report for users. Although Zoom's software was updated and removed any data connections to Facebook, the lawsuit is ongoing.
Additionally, Zoom nixed the "attendee attention tracking" feature that let administrators know when users were in different tabs (aka, weren't paying attention to the all-staff brainstorm), and released fixes for Mac-related concerns about webcam and mic takeovers.
Zoom isn't the only video chat company experiencing issues as its downloads soar. Last week, Houseparty's security came into question when people claimed they had their Spotify or email hacked after logging on. However, the BBC reported on March 31 that the claims about Houseparty's security were false. On Twitter, Houseparty explained that it believes the rumors were started by a "paid commercial smear campaign to harm" the company.
From legal rights pertaining to the protection of your data, to simple-to-follow security measures, Podnar tells Bustle there are significant ways you can make yourself less vulnerable to hacking when videoconferencing.
Make A Freestanding Account, Always
When you sign up for a new app, don't use a different one (Facebook, Google, etc.) to create or login to a platform, even if it's easier. "Always create a unique username and password per each platform, including Zoom," Podnar tells Bustle, adding that you should avoid sharing data between your apps and platforms. Why? "The more linked and complete data that companies have about you, the more valuable it is since you become a prime target for highly specific marketing and sales purposes," Podnar says. "By keeping that data separate, you at least create a wall that keeps the data separate and makes it harder for companies to understand every detail about you."
Control What You Can
If you are using Zoom on your phone, take advantage of the security measures that your phone comes with. If you have an iPhone, you can update your security settings by heading to "Settings" and then "Privacy." There, you'll see a list of all of the apps that have requested access to your data. If you want apps to stop tracking your location, you can head to "Settings" and then "Location Services," and manage which apps can see where you are and when. You can also scroll through your apps in "Settings" and tap the Zoom icon to manage the access to your calendars, microphone, camera, Siri, notifications, and cellular data.
Make It Private
"With Zoom and Houseparty, you have the option to make room or conversation private. Do it!" Podnar says. The setting can be made permanent in Houseparty, or you can just tap the lock icon at the bottom of the screen when you begin your call. For Zoom, you can require a password to enter the meeting. In a blog post on March 27, Zoom suggested that teachers keep their virtual classrooms locked, so no one else can join.
Stay Updated, Literally
Software updates often clean up security issues, so always use the latest version of all of the software, regardless of whether you are on your laptop or mobile device.
Zoom, like many other videoconferencing tools, allows meetings to be recorded. By law, you have to be informed if a call is being recorded, unless you live in a one party consent state, in which case only person on the call needs to be aware of the recording. Regardless of where you live, Podnar says "always ask when you join a call to ensure that you are aware (and don’t say things you don’t want on record) of the situation." This is another good reason not to download Zoom on your work computer if you're just using it for Powerpoint parties.
TL;DR? Zoom is undergoing a lot of growing pains right now, thanks to its newfound popularity, but it's working to ensure better transparency when it comes to your data privacy. If you want to keep tonight's Zoom date on the calendar, you might want to lock the door behind you.
Kristina Podnar, a digital policy consultant and the author of The Power of Digital Policy.