As the world went into lockdown, Zoom found itself centre stage as the go-to meeting and collaboration tool, at work and at home (easy, since they’re now one and the same).
Besting more established video conferencing platforms like Webex, Google Hangouts, Facebook Messenger, and within organisations, Teams and Skype for business, Zoom went from comparative obscurity to a household name. It’s not hard to see why. Easy to access across devices and boasting a strong set of conferencing tools, it seemed the ideal solution to get the job done.
But, soon into its star turn, Zoom started to get a kicking from cybersecurity experts, IT security teams and digital workplace commentators. What changed and should we be concerned about using Zoom in a work context?
Prior to the pandemic, Zoom was generally only used for social and personal contact, keeping friends and family connected.
Then online meetings became essential, but many businesses didn’t have the digital workplace infrastructure in place to support this way of working. So, as always in these situations, people find their own way to get the job done and Zoom became the common solution.
But, in one of the most widespread demonstrations of shadow IT use, choosing Zoom has left many business conversations open to infiltration, at odds with compliance and potentially breaching data laws. Zoom is simply not being used in the way it was designed to. And with such mass adoption, fraudsters have more vulnerabilities than ever to target.
Glenn Fleishman of TidBITS.com pulled together a very comprehensive list of “Every Zoom Security and Privacy Flaw So Far, and What You Can Do to Protect Yourself”. It’s a great, insightful read.
We may now have a sense that Zoom is risky. But what do we do? Delete the app Zoom from all devices and never return, or continue to use it with that slightly anxious feeling?
Based on the conversations we’ve had with security experts and our recent webinar on shadow IT, here’s what we’d advise:
Even if you’re paying for Zoom, that doesn’t mean that the way it uses data, where it stores it, or how it manages user accounts, is automatically compliant with your business rules or local laws. Be sure to talk with your IT and security teams for the best advice on using the tool.
Internal communications’ support of tools in your organisation will give the business ‘permission’ to use them, so be responsible. If you invite everyone to a Town Hall via Zoom, you’re essentially giving it the green light. But if Zoom hasn’t been approved by IT, this can create a risky scenario so please have those conversations first!
If people in your business are using Zoom to overcome the lack of online collaboration and video conferencing, then you have a strong business case to invest in the right tools. The use of shadow IT always provides insight into what a business really needs from technology. Ask people why they are using it, and team up with IT to bring about the solutions that will help your business flourish in the long term.
Zoom are trying, and they’ve been public about their shortfalls, and efforts to remedy. But how ready is it now is still an important question. The tool works well and has proved invaluable to many businesses and teams. But let’s not make problems for ourselves in the future
With the right approach, you and your business will emerge from this ‘unprecedented time’ with tools that work, that serve a need, and that won’t keep your IT and legal teams up at night.
You may have seen that Facebook recently launched ‘messenger rooms’ for video calling in Facebook messenger – a very clear rival to Zoom’s party-like interface. Not only can you have fifty people in a room, but non-Facebook users can also join. Additionally, there doesn’t appear to be the frustrating forty-minute cut-off.
However, everything I’ve said about Zoom holds true for Facebook. It may not be compliant in your region, and there’s plenty of potential data and GDPR pitfalls with using this platform to collaborate with colleagues that haven’t ‘opted in’. Unless you have the paid-for ‘Workplace’ solution from Facebook – which would have been checked out by your business – I would highly recommend you speak to your IT, Cybersecurity and data teams before using Messenger Rooms in your organisation.