There have been some reports in the media of Zoom not being secure. Zoom have done a lot to address these vulnerabilities, and continue to do so. There are also simple measures you can take to ensure you are using it as securely as possible (see below) meaning the benefits offered by Zoom of being an affordable and usable platform probably outweigh security concerns in most instances.
Keep on top of updates: Zoom do release updates with security improvements and it's best to use the most recent version. You should get a message when you log in if an update is available. But it’s a good idea to check you have the most up to date version, particularly if you are experiencing sound or connection issues. Each Zoom user will need to do this on each individual device they use to access Zoom meetings. To do this log into the Zoom client (the programme installed on your device that allows you to run Zoom), click on your profile image and select 'Check for updates'.
Zoom bombing: this is an uninvited person being able to join and disrupt a meeting, and then potentially gain access to a user’s computer. Zoom are addressing any potential issues and there are things you can do to protect yourself:
- When you create your Zoom account you have the option to sign up / in with Google or Facebook account – it’s safer not to do this and to just use an email address.
- Always set up meetings with a password required to enter.
- Note that in Settings there is an ‘Embed password in meeting link for one-click join’ option. This means the link for a meeting will include the password – so anyone who has the link essentially has the password – this makes joining simple – but is also a bit less secure. If you do use this setting, make sure you don’t share the link with anyone who you don’t want to join.
- Not sharing any joining information publicly is a good general rule in any case.
- Always use a Waiting Room so the host controls who actually gets in to the meeting.
- Once all participants are in the meeting the host can Lock The Meeting, preventing any additional or unwanted joiners.
Sensitive data: Most concerns relate to the possibility of confidential and sensitive data being accessed by hackers. The key question is; do you have any of this type of data stored in your account, discussed in meetings or stored in recordings of meetings? A government department meeting or a medical consultation almost certainly would; a teaching session with a child may present safeguarding issues. We think that for the purposes most groups are using Zoom, it is not very likely and so the risks are low.
Data hosting: Another security concern is about where in the world your meetings are hosted. Although all participants might be in the UK the data being sent between participants (e.g. images and audio) could be going through anywhere in the world. If it is a region that does not have robust privacy laws, the data being passed is not necessarily secure.
Paid for Zoom accounts can set which region they want data to go through. In settings go to ‘Select data centre regions for meetings/webinars hosted by your account’ and select it to ‘Europe’. USA will also be default selected and cannot be changed.
The free account does not have this option and will be defaulted to USA only.
In an ideal world it would be Europe only. However, as above, balancing the type of data of groups are likely to be exchanging, against the benefits of Zoom, we don’t think data going through the USA poses a significant risk.
Recordings: There have been some security concerns around where recordings of meetings are stored and who might gain access to them. This could be problematic for recordings that contain confidential organisational, or sensitive personal, information. Participants recording the meeting presents another risk as the recording is not controlled by the host.
Whilst a recording of an online rehearsal is unlikely to contain confidential and sensitive data, our recommendation is to only record meetings if there is a very good reason. If you don’t need it, why create the risk at all?
Within the settings menu there is a recording tab, which allows you to set your recording preferences. We recommend turning off all recordings as your default – that will mean no one can record the meeting.
There will be some circumstances where a recording is useful (to help with minutes for board meetings for example). If you do want to record the meeting, then you need to enable recordings within your account settings before the meeting starts (remember to disable it again after).
Paid for accounts have the options of saving the recording to your local computer or in the Zoom cloud (they are stored by Zoom and you access it through your account, this can be useful in terms of saving storage space on your computer). Free accounts do not have the Zoom cloud options, so recordings can only be saved on your local computer. In either case there are some simple steps you can take to make sure your recording is as safe as possible:
- Stored on local computer: the recording file will be saved to your computer with an automatic file name in a standard format - change this file name to something else, personal to you.
- Zoom cloud:
- Make sure your account is set up so that data is stored in Europe (see data above)
- Make sure it requires a password to access it
It's also a good idea to regularly delete recordings from both locations when they are no longer needed.
