Zoom Video Conferencing and COVID-19
Zoom (a video conferencing service), whose recent increase in use has skyrocketed as a result of COVID-19 remote work, is saving us from telephone conference calls and instead, allowing us to see work colleagues, clients, teachers and fellow students in real-time on our device screens.
Now, Zoom is advising its users to check their privacy and security settings before merely jumping on board.
Why This MaTters
The users of new technology need to ensure that privacy and security settings are correctly configured before they begin using the product or service.
Hijackers will not be given access to Zoom meetings once users configure the proper privacy and security settings.
Zoom continues to evolve, taking on board the surge in volume and sensitive data being shared on its platform, making necessary adjustments to its privacy and security policies once problems are discovered.
Zoom offers reliable, easy-to-use alternatives for videoconferencing during COVID-19 remote work and education. Businesses, organizations, and schools are quickly relying on Zoom during the coronavirus outbreak. Sign up for free, login, and go.
As with all new technology, users need to take precautions to ensure privacy and security on Zoom.
If you are not practicing good cyber hygiene, you may have a problem. The Zoom website has an entire section dedicated to COVID-19 with blog posts on how to stay secure when using Zoom. If you have not followed their guidance, you may be vulnerable.
Unfortunately, the FBI has received multiple reports of Zoombombing. Internet trolls are hijacking and disrupting public Zoom meetings using the screen-sharing feature to project graphic content to conference participants, forcing some hosts to shut down their events.
New York Attorney General
The New York Attorney General contacted Zoom stating that it is “an essential and valuable communications platform” but expressing concerns about security vulnerabilities that could enable malicious third parties to gain surreptitious access to consumer webcams as well as their ability to adapt to the recent surge in volume and sensitivity of data being passed through its network.
In late March 2020, Motherboard reported that software inside the Zoom iPhone app sent users’ device data to Facebook without making this practice clear to users.
Zoom’s CEO apologized for the oversight and confirmed Zoom’s commitment to protect and not track or sell users’ data. Zoom removed the tracking software once they learned that Facebook was collecting unnecessary device data and that it did not include personal user information (now verified by Motherboard).
The caveat: users need to update the latest version of the iOS app for these changes to occur on their device.
CCPA Class-Action Lawsuit filed against Zoom
On March 30, 2020, a resident of California has filed a class-action lawsuit in federal court in San Jose (where Zoom is headquartered), seeking a declaration that Zoom violated the California Consumer Privacy Act (CCPA) which took effect on January 1, 2020. This comprehensive privacy law protects consumers’ personal information from collection and use by businesses without appropriate notice and consent.
In this matter, the plaintiff seeks actual, punitive, and statutory damages (which are not less than $100 and not greater than $750 per consumer per incident, whichever is greater under the CCPA) plus attorneys’ fees and costs per California law.
The complaint requests Zoom to timely and adequately rectify the violations. The CCPA provides a 30-day notice giving companies the opportunity to cure the alleged breach and avoid litigation. Individual or class actions for statutory damages cannot be brought if a business 1) cures a violation within 30 days, and 2) notifies the consumer in writing that it has addressed the issue and that there will be no further violations.
Users must implement the privacy and security measures that Zoom suggests for the best outcomes, including for example:
- Create a password for each Zoom meeting
- Create a waiting room to keep track of all participants who join the meeting
- Lock down the meeting once it has begun
- Do not share the Zoom meeting link on social media.
- NYT reports on New York’s AG letter to Zoom: https://www.nytimes.com/2020/03/30/technology/new-york-attorney-general-zoom-privacy.html?campaign_id=9&emc=edit_NN_p_20200331&instance_id=17204&nl=morning-briefing®i_id=113838197§ion=topNews&segment_id=23382&te=1&user_id=c84c5acd9af114bdd315ba7f1f2417bc
- Motherboard on the iOS app: https://www.vice.com/en_us/article/k7e599/zoom-ios-app-sends-data-to-facebook-even-if-you-dont-have-a-facebook-account
- Zoom sued https://adage.com/article/digital/zoom-sued-allegedly-illegally-disclosing-personal-data/2247166?utm_medium=social&utm_source=twitter&utm_term=adage&utm_content=baf61913-26a4-4ec8-a6f4-6687b756d1d7&fbclid=IwAR1Sfzchpj49LauXRbqelJO5t-HTl1TEazjJdpK5x5f5qHrIfTNL_JHHxAQ
- Adage on lawsuit filed against Zoom: https://adage.com/article/digital/zoom-sued-allegedly-illegally-disclosing-personal-data/2247166?utm_medium=social&utm_source=twitter&utm_term=adage&utm_content=baf61913-26a4-4ec8-a6f4-6687b756d1d7&fbclid=IwAR1Sfzchpj49LauXRbqelJO5t-HTl1TEazjJdpK5x5f5qHrIfTNL_JHHxAQ
Cyber Insurance Solutions
Cyber insurance is your go-to option when you are looking to transfer some of this risk that cannot be fully mitigated:
- Social engineering coverage, including employee education and risk mitigation services
- Ransomware or cyber extortion coverage, including ransom payments and/or data recovery
- Data breach coverage, including direct first-party losses and third-party liability and damages
- Business interruption coverage, including loss of profits and extra expenses incurred during a shutdown of your computer network.
- Employee training and educational tools to help prevent attacks and protect your network / data