Friday, April 17, 2020
In an April 1, 2020, blog post titled “A Message to Our Users,” Zoom CEO Eric Yuan admitted the company had not foreseen its global spike in usage in public and private sectors. “Usage of Zoom has ballooned overnight – far surpassing what we expected when we first announced our desire to help in late February,” he wrote.
Yuan noted that over 90,000 schools in 20 countries use Zoom for remote education. “To put this growth in context, as of the end of December last year, the maximum number of daily meeting participants, both free and paid, conducted on Zoom was approximately 10 million," he said. "In March this year, we reached more than 200 million daily meeting participants, both free and paid.”
Yuan acknowledged bad actors had exploited Zoom’s vulnerabilities in the initial weeks of the global pandemic. As reports of Zoombombing attacks circulated in TechCrunch, The New York Times and other major media, he doubled down on his promise to protect infrastructure integrity, to ensure that all Zoom users, "new and old, large and small, can stay in touch and operational."
In a March 20, 2020, article, titled, “‘Zoombombing’: When Video Conferences Go Wrong,” New York Times journalist Taylor Lorenz observed that default settings in Zoom enabled meeting participants to join meetings and share screens without permission. Trolls used these openings to inject meetings with hate speech and pornographic content, she noted, forcing hosts to shut down events.
“Anyone who has a link to a public meeting can join,” Lorenz wrote. “Links to public Zooms are traded in Facebook Groups and Discord chats, and are easily discoverable on Twitter and public event pages.”
In addition to patching vulnerabilities with software updates and educating users on best practices, Zoom took the following steps to improve its security posture:
Security analysts applauded Yuan for his transparent, decisive response to recent Zoombombing attacks. Cybersecurity expert Chuck White, CTO at Fornetix, recommends reviewing Zoom’s 90-day plan, published April 1, 2020, on Zoom’s blog, and implementing meeting passwords when using the Zoom platform.
Organizations must continue to address top threats to data security, White stated, by shielding remote workers from cyber risks and employing cyber-hygiene protocols to mitigate system protection failures. He added that to effectively protect sensitive data, IT managers must identify all of the places where data resides and employ an encryption strategy that covers their entire infrastructure out to the edge.
Yuan plans to share further details about Zoom’s new security updates and feature sets in an “Ask Eric Anything” webinar on April 22, 2020 at 10 a.m. EST. For additional details or to register for the event, visit: zoom.us/webinar/register/WN_9jdr63uuRuSRBX-yEJ2zVQ?id=3IWjZb4JTJm0II3A4lkBOg.
Additional information about Zoom’s 90-day security plan and software updates can be found at: blog.zoom.us/.
The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.