When virtual communication platforms like Zoom were developed, they probably didn’t think of how to safely use their platforms during a pandemic. Because of Zoom’s growing popularity with all of us, they have opened themselves up to intense scrutiny about privacy from the FBI and state Attorney Generals. Welcome to “Zoombombing,” where an uninvited attendee crashes your meeting and disrupts from its intended purpose.
Now, this is a PR nightmare for Zoom because a few bad actors bombed classes and business meetings, and they showcased the app’s privacy and security vulnerabilities. One of the features they are being criticized for is the built-in attention-tracking features. As a self-professed “Webinerd,” I love this feature because it enables us to analyze the effectiveness of our events, the speakers, and the content. But that is a double-edged sword, and I can understand why it raises privacy issues.
Zoom understands how important safety and privacy are to their users and have been responsive in addressing these vulnerabilities. This past week, they introduced important security tools to help eliminate these issues. First, they removed the meeting ID number from the live meeting screen. Second, they have added a new “security” toolbar icon for meeting hosts, which enables them to control the level of security and privacy for their meetings. This is only visible to the host and co-host of a meeting and cannot be changed by an attendee or Zoombomber. It requires hosts to be smart about how to hold their meetings and to utilize these features to enable security.
Now, they have an all-inclusive dashboard where they can respond quickly to:
- Lock the meeting, deter Zoombombers and require an attendee to enter a password to participate
- Enable the Waiting Room option so you can approve who will enter the meeting
- Remove Participants that are not appropriate or disruptive
- Restrict what Participants can do in your meeting. This includes their ability to share screens, annotate on the content presented, chat with others in the meeting, and/ or rename themselves.
- Restrict meeting participants by domain
The Zoom team has also taken the extra precaution to update several features for specific account types:
- Waiting Rooms – this feature is now on by default for free Basic and single licensed Pro accounts, as well as education accounts enrolled in their K-12 program. It is a great option to control who can access your meeting and assuage the security fears of your attendees.
- Passwords – meeting passwords are on by default for free Basic and single licensed Pro accounts, and for education, accounts enrolled in their K-12 program.
- Domain Contacts – for free Basic and single licensed Pro accounts with unmanaged domains, contacts in the same domain will no longer be visible. They’ve also removed the option to auto-populate your Contacts list with users from the same domain. you can add them as External Contacts.
- Renaming participants – account admins and hosts can now disable the ability for participants to rename themselves (for every meeting) at the account, group, and user level in the web portal.
Zoom is being proactive about security. They released a 90-Day Security Plan focused on strengthening privacy and security for Zoom users. This includes a complete security review of the Zoom platform with Stanford professor and cybersecurity expert, Alex Stamos.
In a recent post on Medium.com, he said,
“As someone who has walked through the galaxy of blinking lights and the deafening whir of tens of thousands of servers carrying the sessions of millions of users, I appreciate the effort it takes to build a product that scales. To successfully scale a video-heavy platform to such a size, with no appreciable downtime and in the space of weeks, is literally unprecedented in the history of the Internet. It has been clear to many people who have worked on production-scale systems that something special has been happening at Zoom, and the related security challenges are fascinating.”
This makes him the perfect person to kick the tires and show Zoom where they are vulnerable and want changes they need to make.
Privacy and security on the Zoom platform will continue to evolve and change – this is a continuous process beyond the 90 days and this pandemic that they are committed to doing. This focus on security will hopefully alleviate the fears that participants have about how safe it is to participate in a Zoom meeting. It is a great platform, effective, and provides lots of opportunities for us to connect in our pandemic world.
I would love to hear your thoughts on the subject.