From the 5th November, the country will start a new four-week lockdown. Over this period Datcom will continue to provide the highest level of support and service to our clients, no matter whether you are working from home, in the office or on the road.Read More
For many organisations Zoom has become one of the primary methods for communicating during the COVID-19 crisis. The heightened awareness of Zoom has prompted several security issues that customers need to be aware of.Due to these unprecedented times, the requirement for remote collaboration and video conferencing has come into the spotlight. A popular tool that has emerged is Zoom conferencing utility, however multiple vulnerabilities and risks have been identified with the use of this software.
1 Zoom BombingUnsecured meetings, meetings setup as public, allow anyone to join the meeting. This can cause disruption to meetings, risk data and information exposure.
2 End To End EncryptionZoom does not use 100% complete end to end encryption. Anything you say in the meeting could potentially be recorded by a third party.
3 Encryption StandardsZoom stated that their encryption levels were AES 256, the encryption levels have actually been confirmed as AES 128. AES 128 is still strong encryption, but this non-trival discrepancy should raise concerns of the overall level security of the product. Note, Zoom have now corrected this error in their marketing.
4 Zoom Path VulnerabilitySecurity researchers have disclosed details of a path injection vulnerability in the Zoom remote conferencing client for Microsoft Windows. They claim a remote unauthenticated meeting attendee can exploit this vulnerability to obtain other attendee's usernames and session (NTLM) credential hashes, comprising your local computer and network.
Our RecommendationDue to the number of security issues we advise that organisations refrain from using Zoom where any personal information or sensitive business information is discussed. Also if your business operates in any security sensitive industry.
AlternativesAt Datcom we utilise Microsoft Teams, Microsoft have made Teams free for use for all organisations, but does require the creation of an Office 365 account. Microsoft also have a free version of Skype without the need for the creation of an account.For more information please contact your Account Manager.
Are you getting the most from your Microsoft 365 subscription? Are you using Power Apps or Power Automate to help make efficiency and cultural improvements in your business? Here is an example at Datcom of how we used Power Apps to improve team members communication and to prompt team working.Read More