Covid-19 is changing the way we communicate – but who do you trust to deliver the change?
It’s been said a lot recently that we are living in unprecedented times. I don’t think anyone could ever have imagined the current mass lockdowns, forcing companies to embrace new ways of doing business. Thank goodness for technology and more specifically for Video Conferencing. Almost overnight all VC/Collaboration solutions have seen a huge spike in new users signing up. Solutions such as Zoom, HouseParty, Bluejeans, Microsoft Teams, Cisco, Avaya and Google Hangouts have all seen a big increase in traffic. Companies and individuals are frantically trying to find new ways of working and keeping in touch with customers, colleagues, family and friends, around the globe.
One front runner Zoom, reported they had seen well over 500% more daily traffic to their Zoom.us download page in the last month. We have seen celebrities and politicians such as the British PM Boris Johnson and the former US federal reserve chair Alan Greenspan used it for conferencing as they work from home.
Whenever there is suddenly a huge demand for an urgent new solution factors like convenience, price and ease of use are top of the agenda, and the usual due diligence often goes out of the window. It’s no surprise then that some solutions have experienced some bad press. HouseParty were the victim of a totally false report doing the rounds on social media that they had been hacked. Fair to say the company were so “hacked off” that the owner of HouseParty has set a $1 million (£810,750) bounty to anyone who provides evidence that the video chat and game app fell victim to a commercial smear campaign. Zoom have also had considerable bad press with a number of articles in the Guardian and other Tech publications accusing the software of being a “malware” and “a privacy disaster”
This current scrutiny of Zoom does raise the question: Are all these Video Conferencing solutions really safe? We know that not all software is created equally. Any technology company can be subject to a cyber-attack, but we should at least do some due diligence to choose the right product. These 3 factors should guide you in making your choice of service provider:
- Easy to use
- Feature rich
Zoom Reported Vulnerabilities
Yes, it’s true that upon a little investigation you can find out that Zoom received a report in March of 2019 about a flaw in their application for Mac. Unbeknown to the Mac user, installing the Zoom client also installed a web server that Zoom used to speed up the launching of Zoom meetings. Even after the Zoom client was uninstalled, this web server remained. Zoom appeared to do nothing about this breach until it was publicly announced. On July 9, they provided a patch, but it ultimately took a patch from Apple to remove this silent web server. Then again in October 2019 Cisco contacted Zoom with a concern over their “Zoom Connector” This time, the Zoom Connector for Cisco would allow anyone on the Internet with a specific Zoom URL to gain access to the browser interface on Cisco endpoints without requiring any authentication on the Zoom cloud or on the endpoint inside the enterprise firewall. Once connected, this unauthorized person could control the endpoint, see the video, hear audio in the meeting room, and make calls. The same is true of Zoom connectors for PolyCom and Lifesize endpoints too; these endpoints are similar in that they all have administrator web interfaces that allow browser-based management and control of their video devices. Besides identifying a serious security breach, Cisco has also taken Zoom to task for the display of its copyrighted logo on its website without authorization; justifiably they are not impressed.
On November 25 Zoom released a statement saying that it had released a patch on that fully resolved the vulnerability. The statement said, “We were glad we could resolve this matter to ensure the continued security of our platform.” This public statement is now also available on the Zoom website.
Have a strong password and never share your meeting ID..
So let me be clear, despite the current ongoing reports in the press today provided you ensure that you have a strong password and never share your meeting ID there is little evidence today that Zoom is less secure then some other comparable solutions and there is not no evidence that any of the previous vulnerabilities were ever exploited. It should be fine for most types of personal use. It’s also true that some of the articles in the media are somewhat sensationalised and over exaggerated. There is no question that Zoom should not be classed as a Malware – it clearly isn’t! Putting a password on the Zoom URL before someone can just dive into the browser interface on Cisco, Poly, and Lifesize endpoints from the Zoom’s cloud is a big help. However, it is reported that Cisco still has an architectural beef with how this “workaround” gains access to its video device interface.
MS Teams is a step up
For most organisations who will be more sensitive about security, I would look at other solutions such as Microsoft Teams. We all know that over the years Microsoft have had their own failings in the area of privacy but these days security and compliance is at the forefront for Microsoft. Their solutions such as Office365 which includes MS Teams have matured over a long period of time. It takes a mature company to learn the lessons of past mistakes to be able to build mature products with high levels of security. Whilst Zoom may still be on that journey to maturity and will need to overcome some naivety when it comes to software development Microsoft have learnt that lesson the hard way.
Of course no software can 100% prevent all phishing attempts and malware or ransomware attacks but rest assured if your privacy is important to you then Microsoft Teams is a step up from its competitors. According to Microsoft, “Teams is built on the Office 365 hyper-scale, enterprise-grade cloud, delivering the advanced security and compliance capabilities our customers expect.” Microsoft classified Office 365 into four basic compliance categories: A, B, C, & D. Teams fits into the “D” category, which enables security compliance services by default. Additionally, Teams features two-factor authentication and encrypted data (in transit and at rest) as well as DLP, Mobile Device Management and access to the Office365 Security & Compliance Centre. If you’re still not convinced about switching to Office365 and MS Teams you can get more details around security on Microsoft’s Compliance Page.
References used in this article from: