Many of you have seen recent news related to Zoom and their challenges related to ‘Zoombombing’ and other privacy concerns.
Are we at risk from using Zoom?
In general, we view Zoom as a non-secure means of video conferencing. It can be used for non-secure conversations, but a user shouldn’t expect absolute anonymity.
What should we use?
At CSU, Microsoft Teams is our supported standard for meetings that require a higher level of security and privacy. These meetings may include conversations that touch on private topics, or where sensitive information may be exchanged in voice or text chats, or where documents may be exchanged... in all of these cases, MS Teams is our recommendation. Microsoft provides us with encryption, the possibility of strong access control, and contractual agreements that make us more confident about the protection provided by Teams.
If Zoom is used, are there additional guidelines to be aware of?
We understand that a number of campus areas are using Zoom for meetings, instruction, and social interaction. Given this, we recommend:
1) Keep your Zoom client version up to date. Be sure you are using a recent version, so that it is patched against vulnerabilities. Zoom has released new updates that address some of the recent concerns.
2) Zoom is best for non-secure conversations. Zoom should not be used when discussing sensitive topics, or for relaying sensitive information.
3) The chat feature of Zoom is a useful tool, but has had a vulnerability in the way it treats links on online information. At this time, we recommend avoiding including links in Zoom chat.
4) Use the features provided with Zoom to limit attendance where feasible. These features include a waiting room and meeting passwords.
5) Do not use personal meeting IDs (which stay the same from meeting to meeting); instead, create a new meeting ID for each meeting. This approach avoids personal meeting IDs becoming well-known and published in a way that can be distributed broadly to unauthorized users.