Is Zoom secure enough for my happy hour?

Malea Lamb-Hall 9 Apr 2020

Recent reports raise concerns, but I was hoping to raise my glass

In an open letter to all Zoom users, CEO Eric Yuan said that in December 2019, the maximum number of daily Zoom participants reached about 10 million. In March 2020, that number exceeded 200 million. Even now, the company is still racing to catch up with its sudden growth, working rapidly to properly scale security and optimize service for a whole new world of use cases...such as my biweekly 6:30 happy hours with the gals.

Like so many others in the world, my close friends and I have quickly come to count on these digital social hours for sanity and connection in this isolated time. But when I saw that some cities like New York were banning Zoom use for classroom learning due to security issues, I needed to learn more before continuing the 6:30 sangrias. How serious were these security flaws? I dug in and did some research. 

Zoom was initially intended for, and used by, enterprise customers. The security and privacy of the participants was largely overseen and managed by those institutions’ IT staffs. Recent events, however, have driven tens of millions of individuals to Zoom for everything from work meetings to school lessons to religious gatherings to plain old hangout sessions. 

Increased use of the service garnered increased scrutiny. The Citizen Lab at the University of Toronto ran an in-depth study of Zoom’s security and found that its encryption should be upgraded. They conclude that the service is not secure enough for use by governments worried about espionage or professionals handling highly sensitive topics, but “For those using Zoom to keep in touch with friends, hold social events, or organize courses or lectures that they might otherwise hold in a public or semi-public venue, our findings should not necessarily be concerning.”

Sangria’s a go, people.

The host holds all the security power in Zoom meetings, and that’s me. Zoom security controls are user-friendly, and it’s easy to add the right measures that eliminate Zoombombing and other risks. Here are my Zoom social hour security and settings tips:

  1. Always generate a random meeting ID. I rarely use my personal meeting ID (PMI) to host anything. Your PMI is like your own personal continuous meeting, your virtual space, so think twice before you share it. 
  2. Keep meeting ID off social media. This should go without saying, but I never broadcast meeting details over public channels.
  3. Always require a password. I used to always require a password for my meetings, even though I was just sharing the invitation with a select group of gals. Thankfully, Zoom just updated and now requires a password by default for personal meeting IDs, any scheduled meetings and more. It takes away the extra step for me and keeps uninvited guests out, including people with nothing better to do than try random meeting IDs until they find an open one.
  4. Get your video settings straight: You can choose to use video or not. If you are using it, save yourself unnecessary embarrassment by knowing what your camera can see before you enter a meeting. 
  5. Jury is out on Waiting Room. In principle, the Waiting Room feature is terrific – it’s the velvet rope in front of your club where your participants gather, and then you can invite them in one at a time or all at once. But Citizen Lab reported that they found a severe security flaw in the Waiting Room feature. They did not go into details, giving Zoom time to fix it before others learn of the exploit. Until that resolves, which I’m sure will be soon, I am disabling the Waiting Room feature. 
  6. Get familiar with the host controls. I haven’t had to use them with my group of friends, but the host controls are useful tools to know about if any bad element ever gets into your meeting (or if Karen’s had one too many sangrias and is getting preachy about politics). Hosts can mute participants, turn off their video, control who can screen share, and kick people out of the room. Handy tools to have, even if Karen has been keeping her cool lately. 

You can check the Zoom blog has more tips on securing meetings. CEO Eric Yuan acknowledged the security missteps in a CNN interview, where he vowed to improve on that front. “We learned our lesson,” he said, “And we double down and triple down on privacy and security before we do anything. We want Zoom to be the privacy-and-security-first company.”

With over 200 million daily users, I believe they have the drive to get there, and I bet it won’t take long. In the meantime, the happy hours stand. Go get that dose of human interaction and social connection. Let’s be apart together. Cheers!

Avast is a global leader in cybersecurity, protecting hundreds of millions of users around the world. Protect all your devices with our award-winning free antivirus. Safeguard your privacy and encrypt your online connection with SecureLine VPN. Get advertisers off your back and disguise your online identity for greater privacy with Avast AntiTrack.

Related articles

--> -->