Zoom ‘Lied,’ Faces Criticism for Newly Discovered Lax Security Practices



… varying opinions as to whether companies should ban the use of the service.

“Zoom security stuff is awful and this will just get worse,” said Ben Johnson, founder and CEO of managed services provider Liberty Technology.

Peter Fidler, president of WCA Technologies in New York City, said he wasn’t impressed with Zoom’s original response last week.

“I think Zoom’s response fell short,” Fidler said. “Their onboarding should have included a getting started security guide. They knew they were not selling subscriptions to the enterprise.”

Fidler acknowledged customers have ramped up on the use of Zoom.

“They could probably use [Microsoft] Teams but they are more comfortable with Zoom,” he said.

Indeed, many organizations have gravitated to Zoom. Why? Because it is easy for non-technical people to set up a meeting and use the service. Critics argue it is that ease of use that has resulted in weaker default security settings. Zoom’s subscriber base has jumped from 10 million users at the beginning of this year to 200 million, or 20x, in the wake of COVID-19.

“That’s some explosive growth,” according to a blog by Scott Gombar, owner of NwajTech, an MSP in Meriden, Connecticut. “Zoom’s platform has remained stable throughout.”

Zoom’s Security Changes

Zoom also announced changes that will require passwords for all users of the service, which includes instant meetings and those dialing in by phone. Zoom also is automatically enabling the waiting room feature, allowing moderators to control who can joining a meeting.

Gombar, who posted 12 tips on April 4 outlining how to hold more secure Zoom meetings, noted some of the security issues, but said he remains confident in Yuan.

“Essentially, he explained that the recent growing pains contributed to the vulnerabilities and challenges,” Gombar noted. “He was very transparent with what has been done and what they will do going forward.”

The blame shouldn’t fall squarely on Zoom, he added. It also rests on businesses and consumers who use the platform.

“Security is everybody’s responsibility, and until everybody takes it seriously, these things will continue to happen,” Gombar noted. “I attended five meetings over Zoom last week. Three of them did not have a password on them.”

As reports pointing to Zoom’s lax security practices have widened, Gomar acknowledged it has raised eyebrows among some clients.

“Most clients are sticking with Zoom, but a few have opted to use MS Teams/Skype for Business,” he noted. “A few therapists have used Facetime for telehealth.”

Melvin Foo, owner of PC Ninja, a provider of IT services to small businesses in Wyomissing, Pennsylvania, said he would continue to recommend it for smaller organizations, now that Zoom has said it will allow conference moderators to control who can access a meeting and require the use of passwords.

“I think it’s kind of blown out of proportion from that standpoint,” he said.

But Foo said he would steer clients from Zoom if they plan to discuss confidential matters.

“In those cases, I would suggest using another solution,” he said.

Kevin Kieller, co-founder and lead strategist at EnableUC, a technical consulting firm, believes Teams is a better solution, but disagreed that Zoom is sidestepping the issues that have surfaced.

“I believe Zoom as an organization is taking security issues seriously and is being quite transparent in addressing these concerns,” Kieller said. “Many organizations are allowing Zoom use for nonconfidential meetings, like social gatherings, where the 7×7 tile display is appreciated but is requiring a more secure option, such as Microsoft Teams, for any meeting that is discussing sensitive information.”

Pages: Previous 1 2

Leave a comment

Your email address will not be published. Required fields are marked *

The ID is: 135193