Zoom Best Practices: Is Your Online Conferencing Platform Safe? A Legal Perspective


Is Zoom safe? (No technology is 100% safe). Does it meet the standards of confidentiality and privacy that you need? YES, it is—safe enough to be used by judges, lawyers, and everyone—if used correctly.

Which Platform is the “Best”?

Asking which platform is the best is like quibbling over the browser or email client you prefer—there are many options, and some may be better than others depending on your preferences and business needs. Recently I found myself on Zoom, Webex, and MS Teams for meetings and webinars (also On24). I was most comfortable on Zoom, but that is because I have spent the most time on Zoom and have the best understanding of how that particular platform works.

A side note: do not be put off by the federal government forbidding its employees from using Zoom. I spent many years working in spaces where cell phones are forbidden, so restricting government employees from downloading and using Zoom to conduct business is business as usual. Unlike the private sector, the government cannot allow people to download the flavor of the day on a government system (nor should you)—this is just one form of risk management.

In terms of safety, no software tool is 100% safe; even when one is, that safety is temporary, and a software update is eventually required to mitigate new risks. While every tool and software program has its limits, you can bet Zoom is making heroic efforts to secure its platform right now (the new Zoom 5.0 update is required by May 30th). Just as right after a plane crash is the best time to fly, right now is a good time to be on Zoom because of all the attention to the platform and privacy concerns. If you want proof, visit their site—it is full of helpful articles, videos, and statements from their leadership about their dedication to privacy and security—even for those using the free version. When have you seen a tech company do that? Not often.

Back to platforms…

All platforms have risks and pros/cons depending on what is important to you. If you are already an Office365 organization, MS Teams is a great tool because it is integrated into your suite of tools. A word of caution: right now is not a time to jump into a new technology thinking it is safe, especially if you do not understand how to use it. One of the greatest contributors to the episodes of “zoombombing” has been a lack of knowledge on the meeting organizer’s part on how to USE the platform tools. User error is the biggest risk in using these platforms, but also the cheapest and easiest to mitigate. I recommend companies running meetings take a few minutes to educate their people on how to use the platform, particularly how to limit screenshare, file transfer, and other controls on the meeting. Check out the best practices below.

What about “Zoombombing”?

We all jumped on Zoom, and then the media spun up hacking fears over Zoom, such as bad people “hacking” into other people’s meetings. However, this is not an example of sophisticated hacking, or really hacking at all. Meetings were disrupted largely because meeting links were posted publicly or distributed widely. Since there was no password to join the meeting, people just came in. In an effort to gain as wide an audience as possible, some educational institutions have allowed everyone in. Of course, when you do not set any parameters on who can enter and who can speak, you get everyone, including the village idiot.

The good news is there are some easy steps you can take to keep your meeting secure, and in fact, Zoom is changing its default settings to require people wishing to enter a meeting to have a password, and unless you turn it off, people must wait (in the waiting room) until they are admitted by the organizer—even for free accounts.

Online Platform Best Practices

I am going to use Zoom as an example but think of these online meetings as you would a physical meeting or conference. Would you allow people to walk into your office without checking in with someone? Walk around with no badge/identification? (I sure hope not!)

Here is a checklist for organizers:

  1. Use a meeting identification number and NOT YOUR PERSONAL meeting number (PMI on Zoom).
  2. Require a password!
  3. Put this information somewhere limited, for example, in an email—even if it is just between friends for a casual happy hour.
  4. Control screensharing and file transfer privileges. Do not allow just anyone to take control of the meeting.
  5. Lock the meeting once everyone has arrived (shut the door).
  6. Do not be afraid to mute people and control for distractions. Etiquette is important so communicate any ground rules.
  7. Use a VPN to connect if you are concerned.
  8. NEVER use public WIFI or unsecured WIFI (including the one at your house).
  9. Do NOT share really sensitive data in an online meeting such as wire information or bank account numbers. Communicate those separately over the phone or another secure method.
  10. Do NOT record the meeting unless you are in an educational setting and you could share every part of the meeting with anyone, including a complete stranger.

Publishing a Zoom meeting link is like posting your home street address—obviously not a good idea unless you really do not care who walks into your house party. Do not give up control, either, even if someone innocently tries to take it because they do not know what they are doing and click on EVERYTHING (I witnessed this recently in a non-work setting).

What about Those in Professions With Privileged Information?

The risk of inadvertently exposing information on a Zoom call is probably low (if you use the platform in a secure manner). Taking steps to ensure the online meeting is safe and only has the required people involved is likely sufficient if you have trained your people. Take a few minutes to make sure your employees are comfortable with the technology—do not assume! Training is important in order to mitigate the risk of using this type of technology. A brief rehearsal prior to an online presentation such as a webinar or a critical client presentation is more important than ever while we navigate the current challenges of remote life.

About the Author or Referenced Attorney

Venkat Balasubramani

Venkat is primarily a litigator, and his practice focuses on commercial and intellectual property disputes. He also counsels clients on privacy, social media, marketing and other issues in the Internet space.

Lachlan Huck

Lachlan Huck’s practice focuses on commercial transactions, financings, mergers and acquisitions, business licensing, as well as corporate law and governance. He particularly enjoys helping small-cap and mid-cap companies bring products to market.
