Zoom Remains A Privacy Risk Without Cybersecurity Improvements
The Zoom videoconferencing platform enjoyed an explosive surge in users after the COVID-19 pandemic forced schools and businesses to increase remote capabilities. Reports indicate that Zoom saw an uptick from 10 million meeting participants in December to upwards of 200 million by March.
But the exponential rise in popularity appears to have shined an unwelcome spotlight on Zoom. Cybersecurity breaches and a trend called “Zoom-bombing” have emerged that raise concerns about vulnerabilities.
“This outbreak and subsequent quarantine have created a workforce of remote workers the world has never seen, and with it, the unrelenting cyberattacks on that remote workforce are at times beyond comprehension. This has shown how naive our workforce has become with technology and the role they play in cybersecurity,” Jack Smith of Initial.IT reportedly said.
School districts such as New York City banned Zoom after remote learning was breached. Zoom officials are trying to close cybersecurity gaps and repair the product’s reputation. A flurry of unanswered questions about the future of Zoom has tech industry thought leaders weighing in on potential risks and the need for cybersecurity improvements.
“In our global business climate, many businesses work with people all over the world. These people reside in countries with friendly and non-friendly governments. Zoom has to comply with laws in every country and could be compelled to share meeting data with the government,” Bryan Ferrario of Alliance Tech Partners reportedly said. “What happens if they are put under great pressure from China to share meeting data? What is Zoom’s policy in these situations? Most technology companies have published how they deal with these types of government requests, Zoom does not.”
This lack of transparency raises alarms in the business community. While organizations in the U.S. Department of Defense supply chain might not be authorized to communicate via Zoom, intellectual property theft estimates from China alone costs Americans upwards of $600 billion annually. The ability to breach sensitive communications among multi-national corporation leaders could prove invaluable in this regard. That’s why many believe it’s time for the government to at least deliver a wake-up call to Zoom.
“I don't believe that regulations are required, but there should at least be some sort of warning that industry-standard security mechanisms are not enforced,” Nick Hess of SureTec IT reportedly said. “When regulation intersects with security and cryptography, you tend to get one of two results: Either the company will cut corners and shoddily implement security mechanisms just barely enough to meet the minimum requirements, or regulators will mandate that security be implemented in a way that it is potentially reversible for law enforcement purposes.”
But for agencies such as the Federal Trade Commission (FTC) and others to take a position on privacy practices, a task force would need to be assembled to investigate Zoom. There is reportedly mounting support in the U.S. Senate to look into the platform’s cybersecurity lapses. The ongoing protocol articulated by FTC Chairman Joe Simons is that “any time you see a press report of a significant privacy issue, a potential privacy violation of our authority, it is safe to assume that we either are investigating it already or shortly after that media release, we will investigate it.”
Everyday people too often see Congressional oversight turn into a dog-and-pony show. The Senate’s Facebook probe and questioning of Mark Zuckerberg rank among the best examples. That begs the question of whether such investigations can be fruitful and productive. Or — more importantly — lead to improved cybersecurity.
Experts tend to agree that highly public investigations may not be the best pathway to technology improvements. User responses, customer reviews, and endorsements by cybersecurity professionals organically permeate the technology market landscape. In essence, Zoom’s popularity will rise and fall based on its proactive responses to emerging threats and secure privacy. Industry insiders also tend to agree that the most significant issue facing Zoom revolves around a lack of complete encryption privacy.
“End-to-end encryption should be a standard going forward in all communications with today’s software,” Carl Fransen of CTECH Consulting Group reportedly said. “There is no reason why this should be neglected.”