Can Zoom’s new security initiatives win back users?

Before the outbreak of COVID-19, I can’t help but wonder how widely known Zoom was.  I had certainly never heard of it, but everyone seems to be using the service these days.  With fame, however, comes the spotlight and scrutiny.  If the company hadn’t been prioritizing their security, this Zoom boom is certainly making them reassess.  People are expecting the same level of cybersecurity as they would of any other service, and have so far found it questionable.

According to Help Net Security, to meet the explosive demand from new users, Zoom focused on performance at the expense of user privacy.  This included meeting traffic routed through servers located in China.  Whether they’re working in espionage or fraud, hackers have been phishing for Zoom user accounts, hunting for bugs, and selling their stolen goods.  Zoom bombing has also become a thing, in which anyone with login information can hop on another group’s meeting.

As a result of the previously lackluster security stance, a number of people have since stopped using the platform, sometimes by mandate.  Certain entities like Tesla and Google have barred the workplace use of Zoom for their employees, due to the security risk it has posed up until this point.

Zoom is still hoping, however, that it won’t be too late.  Seemingly in a mad dash, their CEO, Eric Yuan, has since announced a 90-day plan to help improve their security and privacy stance, dedicating their resources fully to the endeavor and making the app’s security features more transparent.  Upgrading their encryption to the AES 256-bit GCM standard and giving more options to paid customers are other initiatives on their plate.  And according to Yuan’s statement, this is “just the beginning.”

Zoom may have been unprepared for our current situation, but they are hardly alone.  A survey from the Cyber Readiness Institute indicates small businesses feel they’re in a lose-lose scenario here.  Half think remote work will lead to more cyberattacks, but around 40% feel that the instability of the current crisis will prevent them from making sound cybersecurity investments.  Less than half have offered their employees cybersecurity training for remote work; only 33% have done so in companies with fewer than 20 employees.  Too many businesses have understandably been caught off guard by this global turn of events, but they will have to act quickly if they want to ensure their customers’ trust and loyalty.


By: Jonathan Weicher, posted on April 22, 2020
Originally published at:
Copyright: NetLib Security