Cyber Threat Alert

Zoom Video Conferencing and COVID-19

Zoom (a video conferencing service), whose recent increase in use has skyrocketed as a result of COVID-19 remote work, is saving us from telephone conference calls and instead, allowing us to see work colleagues, clients, teachers and fellow students in real-time on our device screens.

Now, Zoom is advising its users to check their privacy and security settings before merely jumping on board. 

Why This MaTters

The users of new technology need to ensure that privacy and security settings are correctly configured before they begin using the product or service.

Hijackers will not be given access to Zoom meetings once users configure the proper privacy and security settings.

Zoom continues to evolve, taking on board the surge in volume and sensitive data being shared on its platform, making necessary adjustments to its privacy and security policies once problems are discovered.

Description

Zoom offers reliable, easy-to-use alternatives for videoconferencing during COVID-19 remote work and education. Businesses, organizations, and schools are quickly relying on Zoom during the coronavirus outbreak. Sign up for free, login, and go.

As with all new technology, users need to take precautions to ensure privacy and security on Zoom.
If you are not practicing good cyber hygiene, you may have a problem. The Zoom website has an entire section dedicated to COVID-19 with blog posts on how to stay secure when using Zoom. If you have not followed their guidance, you may be vulnerable.

Zoombombing

Unfortunately, the FBI has received multiple reports of Zoombombing. Internet trolls are hijacking and disrupting public Zoom meetings using the screen-sharing feature to project graphic content to conference participants, forcing some hosts to shut down their events.

New York Attorney General

The New York Attorney General contacted Zoom stating that it is “an essential and valuable communications platform” but expressing concerns about security vulnerabilities that could enable malicious third parties to gain surreptitious access to consumer webcams as well as their ability to adapt to the recent surge in volume and sensitivity of data being passed through its network.

Zoom updated its privacy policy after users reported concerns, and the CEO, Eric Yuan, posted a link on Twitter to a company blog about the policy. Mr. Yuan confirms that Zoom takes its users’ privacy, security, and trust extremely seriously while helping hospitals, universities, schools, and other businesses around the world stay connected and operational.

Data Sharing

In late March 2020, Motherboard reported that software inside the Zoom iPhone app sent users’ device data to Facebook without making this practice clear to users.

Zoom’s CEO apologized for the oversight and confirmed Zoom’s commitment to protect and not track or sell users’ data. Zoom removed the tracking software once they learned that Facebook was collecting unnecessary device data and that it did not include personal user information (now verified by Motherboard).

The caveat: users need to update the latest version of the iOS app for these changes to occur on their device.

CCPA Class-Action Lawsuit filed against Zoom

On March 30, 2020, a resident of California has filed a class-action lawsuit in federal court in San Jose (where Zoom is headquartered), seeking a declaration that Zoom violated the California Consumer Privacy Act (CCPA) which took effect on January 1, 2020. This comprehensive privacy law protects consumers’ personal information from collection and use by businesses without appropriate notice and consent.

According to the suit, Zoom’s privacy policy does not explain the code that allows the device data transfer to Facebook (and possibly other third parties) or the unique advertising identifier shared with advertisers. This information is sent to Facebook by Zoom, regardless of whether the user has an account with Facebook.

In this matter, the plaintiff seeks actual, punitive, and statutory damages (which are not less than $100 and not greater than $750 per consumer per incident, whichever is greater under the CCPA) plus attorneys’ fees and costs per California law.

The complaint requests Zoom to timely and adequately rectify the violations. The CCPA provides a 30-day notice giving companies the opportunity to cure the alleged breach and avoid litigation. Individual or class actions for statutory damages cannot be brought if a business 1) cures a violation within 30 days, and 2) notifies the consumer in writing that it has addressed the issue and that there will be no further violations.

TAKEAWAYS

Users must implement the privacy and security measures that Zoom suggests for the best outcomes, including for example:

  • Create a password for each Zoom meeting
  • Create a waiting room to keep track of all participants who join the meeting
  • Lock down the meeting once it has begun
  • Do not share the Zoom meeting link on social media.

Sources:

Cyber Insurance Solutions

Cyber insurance is your go-to option when you are looking to transfer some of this risk that cannot be fully mitigated:

  • Social engineering coverage, including employee education and risk mitigation services
  • Ransomware or cyber extortion coverage, including ransom payments and/or data recovery
  • Data breach coverage, including direct first-party losses and third-party liability and damages
  • Business interruption coverage, including loss of profits and extra expenses incurred during a shutdown of your computer network.
  • Employee training and educational tools to help prevent attacks and protect your network / data
This article is made available for informational purposes and is not intended to be a substitute for professional or legal advice. No attorney client relationship is formed or implied between you and the authors(s) or Cyber Armada Insurance.

Topics: Remote Work Covid-19

Cyber Armada Team
Posted by Cyber Armada Team on Apr 1, 2020 5:23:54 PM
Application

Apply for Cyber Insurance Online

Answer a few questions online and Cyber Armada will design a cyber insurance policy tailored to your particular needs.

Apply Online
Apply for Cyber Insurance
Schedule an appointment with Cyber Armada
Appointment

Can we talk?

We're ready to talk when you are. You can schedule an appointment to speak with a representative from Cyber Armada when it is most convenient for you. Whenever possible we use online meetings to increase productivity and increase the amount of time we can spend with you. We use Zoom Meetings as our preferred video conferencing platform.

Schedule Appointment