Don't miss a thing! Sign up to be notified about new blog posts.
It’s no surprise that many companies are starting to amp up their security. Data breaches are on the rise and many firms around the world are learning this the hard way when hackers gain access to sensitive data. In 2013, millions of records were exposed as a result of targeted and random attacks. This beats the previous maximum from 2011 and may still be beat by 2014’s data breaches.
As far as these data breaches are concerned, roughly 90 percent of them were remotely executed, meaning that someone had managed to crack into a database without having to physically access it. Considering the proportion of incidents executed this way, and the number of incidents executed, this is a startling statistic.
So, what does this have to do with Zoom?
When you use Zoom, you invite people to attend your meetings, share your screen, and perhaps even record the meetings to store them in an archive. We have a host of security options and features to ensure that everything you do on Zoom remains private and secure. Let’s take a look…
The sign-on process of most applications you’ll use are very secure. Zoom is no different. When you sign in through our site, software, or application, your information is kept safe through encryption throughout the process.
Still, even with all of this protection, there are ways in which this can become an issue that could lead to a breach. The way you store your account credentials, in particular, can raise an alarm. For example, let’s say you save your password along with a whole bunch of other passwords that you’re using for a variety of applications. If it’s stored in plain text digitally (e.g. a Notepad TXT or MS Word document with no particular encryption), then you’re opening up the possibility for an eventual mess. This not only violates a couple of regulations depending on what industry you’re in, but it also violates the principle of obscurity that you must keep in order to maintain a secure environment. Storing passwords in plain text opens up the doors to malware that may gain unfettered access to your files and report back home.
While Zoom’s point of sign-in is fully secured with encryption, your company may choose to use SSO (single sign-on) as an added layer of protection and convenience. Zoom supports SAML-based SSO, so all of your applications are held behind a single password-protected barrier that is managed by the SSO provider and your company. Zoom works with Google App and a variety of SSO providers. For a list of our SSO partners, visit https://zoom.us/partners and scroll down to the External Partners section.
Now that you’ve signed in safely to Zoom, you are ready to start your meeting. To provide security during your meetings, we use the Advanced Encryption Standard (AES) 128-bit algorithm. This will ensure that snoopers cannot reconstruct and decode your video or audio stream at any point. However, if you’re having a meeting without a password, anyone with a link to the meeting room can join it.
Although no one’s reportedly ever done this using our software, it is entirely possible. If you wish to discuss sensitive topics in your meetings, we suggest using a room password to lock out any undesired “surprise” participants.
Room passwords are especially effective for permanent meeting rooms that former employees may know about. Be sure to change the room password regularly to prevent anyone outside the company from entering. You can also keep the “Join before host” notification or disable “Join before host” if you don’t want anyone in your meeting room without you in there first.
Zoom’s recording feature allows you to make it possible for anyone who participated (and especially those who couldn’t make it to the meeting) to review what was discussed. Once you’re done with a meeting, Zoom will just pop out an MPEG-4 file and hand it to your hard drive.
The problem with this, of course, lies in how you handle the file after it’s been given to you. Do you store it on the cloud to share with others? This is a common practice, but it may be somewhat naive. If someone breaks into the cloud service you’re using, that person will have generous access to your recordings. This can either be a nuisance or completely devastating, depending on what is found in the content of the videos. Do you really want that kind of exposure?
Even if you store your recordings on an encrypted cloud storage service, sophisticated hacker could find the encryption key somewhere and decrypt everything. Instead of relying on a third-party storage provider, it’s much better to encrypt the files yourself on your system and store them in that state anywhere you wish. This way, you doubled the layer of security that only you have the power to undo. Using local file encryption will virtually guarantee that even a successful theft will end in total failure when the thief tries to open the precious cargo.
If your company has your own secure servers that you would rather run your meeting traffic on, we’re fine with that! You can install our free on-premise meeting connector, wherein meetings start on our cloud, but all meeting traffic – that’s video, audio, and screen sharing data – all run on your company’s virtual machines.
While you can do anything you want with our software, it’s important to understand why following the above pieces of advice are for your benefit. Using Zoom by itself and the way it was intended will generally keep you safe from most breaching attempts. Our use of HTTPS throughout our website and AES 128 via our application make it more difficult for network “sniffers” to piece together what you’re doing with our software. On top of all of this, the methods discussed above are the ways to best protect your Zoom experience. This is why they’re called “best practices.” Follow them, and you’ve armed yourself to the teeth for a better meeting experience.
That said, remember to be safe, keep calm, and use Zoom. Sign up for a free account today!