Chris Goodchild, Director of Supportwise IT Services, based in Royal Wootton Bassett, gives his advice for using the virtual software solution everyone is talking about, Zoom.
As we now have to work from home unless our job roles are deemed essential, there are millions of us now affected by self-isolation and social distancing restrictions.
It also seems in the world of business that Zoom seems to have become the de facto go-to tool for remote conferencing for both work teams, clients or customers.
However it’s not the only option out there – have you heard of Slack for internal comms? Or perhaps Avaya Spaces for internal or external? Microsoft Teams is also a very good alternative.
Back to Zoom
In July last year, a Zoom vulnerability was found where a component of Zoom could potentially allow the hijacking of Mac cameras.
This was due to a web server being installed, which accepted requests that normal browsers wouldn’t.
Even if Zoom was uninstalled, the server remained and Zoom could have been reinstalled without user intervention. There was much angst about this at the time and Zoom moved quickly to patch this issue.
I would say however that those using Zoom should still be aware of the possible hidden ‘talents’ of this platform…
Did you know your boss can see when you’re not paying attention?
Zoom has a feature called In-focus Monitoring. A presenter is alerted if you’ve been inactive or out of focus for more than 30 seconds while someone is sharing their screen. Whether you’re on a PC, Mac, Android or iOS this feature works. If, for example, you’re taking notes on another screen or device, the presenter will still be alerted. This is not mentioned when starting a meeting and the onus is on the presenter to let attendees know that this has been activated.
Did you know all meetings are recorded in full and can be shared or used subsequently?
If you participate in a Recorded Meeting or you subscribe to Zoom cloud recording services, we collect information from you in connection with and through such Recordings. This information may include Personal Data. Meeting hosts are responsible for notifying you if they are recording a meeting, and you will generally hear a notice or see an on-screen notification when recording is in progress.
While a user may be notified that the meeting is being recorded, sensitive information could be captured so should not be “in-shot” at any time. You have to be extra cautious around this.
What are my top tips for holding a Zoom meeting?
- Consider what’s behind you! If there is a front/back door or a window present in the background – this could potentially give unwanted people knowledge of the security of your home.
- Keep your background as plain as possible, do not inadvertently share by default anything which could reveal financial, personal, or confidential information, this includes photographs of children. Zoom gives you the option to choose a different background such as your logo or something else, based on the files on your PC.
- Aim your webcam to above waist height, ideally your shoulders and head – if small children are present in the room this should avoid them being caught up in the feed
- If you wanted a minimal amount of information sent to Zoom – then dial in using a standard telephone if the presenter has allowed this option however you won’t be able to see shared screens.
- When screen sharing, try not to have company sensitive information open and only share what is relevant to the meeting.
- Do not browse any sites while the Zoom meeting is in progress unless it’s relevant to the discussion and even then think carefully about it. Better to send a link later via email.
Where are Zoom in all of this?
They have updated this to state that they do not exchange user data for payment. While this may mean that they do not “sell” your data, they openly admit to transferring your data to third parties:
That said, Zoom does use certain standard advertising tools which require Personal Data (think, for example, Google Ads and Google Analytics). We use these tools to help us improve your advertising experience (such as serving advertisements on our behalf across the Internet, serving personalized ads on our website, and providing analytics services). Sharing Personal Data with the third-party provider while using these tools may fall within the extremely broad definition of the “sale” of Personal Data under certain state laws because those companies might use Personal Data for their own business purposes, as well as Zoom’s purposes.
What could Zoom do to improve on this in my opinion?
All of their servers are located in the US which means data is subject to the EU-US Privacy Shield which was implemented in 2016. However, not only does this cause connection issues (as all traffic has to run through the US) they do not have a physical presence in the EU.
This makes GDPR requests difficult because of time differences. They have nominated an expert in the US as their data protection officer.
To help Zoom could implement servers across the UK and Europe and process data directly here, with an option to opt-out of transfers to the US. Even though this is protected by Privacy Shield, given the circumstances with the number of users, those that are privacy focused may not accept this “automatic transfer” while still trying to remain productive.
Supportwise IT Services provides, support, advice and expertise around technology, existing software and new software. It can upgrade and maintain systems and processes so that clients stay compliant and are protected from cyber crime. Visit Supportwise IT online at: www.supportwise.co.uk and follow them on Twitter: @SupportwiseIT