Security by Design
9th November 2020
Quarantine and self-isolation following the Coronavirus outbreak has changed the way we work, socialise and operate. The rise of remote working, video conferencing and virtual socialising has led to a huge spike in the usage of video conferencing platforms such as Microsoft Teams, Zoom and Houseparty, with Zoom’s daily traffic rising by 535% in March alone. There are reasons why Zoom is among some of the latest video conferencing apps that have particularly taken off; it’s easy to set up, easy to use and lets up to 100 people join the meeting for free.
Despite this, these platforms have come under fire over security issues time and time again, with organisations, including Google, banning Zoom from its employees’ devices due to security vulnerabilities.
So, should the rest of us be worried? Essentially – yes.
Zooms’ recent issues have worried the industry on two key fronts: Security and Privacy. Both of which have different ramifications and risks depending on whether you are an organisation, or a consumer.
Before signing up to any product or service you should be wary of how an organisation uses your data. Organisations are typically there to make money, therefore if you aren’t paying for a service or a product you should spare a thought for how else revenue is being generated. Historically this was through advertisements, however the popularity of adblockers and web filters has made this less profitable over time; this paradigm has been shifting towards selling user data for a while now.
By now it’s likely you’ve heard of ‘Zoom bombing’, a term used to describe the unwelcomed joining of uninvited attendees to your conference or meetings, which notably, are open by default. This has been one of the key design flaws in Zoom, and it is not commonly present in competitors products; a key indicator that the product hasn’t been built with privacy by design, one of the core concepts of GDPR.
Zooms’ security and privacy woes only worsened when security researchers discovered that despite being advertised as such there was no end-to-end encryption – something you certainly don’t want when discussing your business and it’s valuable data.
We’re not expecting people to become business experts, no. But if someone was giving away free holidays to everyone that visited the shop you’d be asking ‘what’s the catch?’
OK so is it as bad as it’s being made out to be? Well, at the time of writing this, yes. A database was recently uploaded that contained the usernames, passwords, and meeting IDs of over 500,000 Zoom users. This was no fault of Zoom as the information was obtained from previous leaks from other services. However attackers were able to purchase credentials for less than £0.01 and be able to join meetings they were not invited in to.
Once inside the meeting they were able to leverage a weakness within the platform to harvest user credentials, without the participants knowing!
Founder and CEO of Zoom Eric S. Yuan has recently stated that “We recognize that we have fallen short of the community’s – and our own – privacy and security expectations. For that, I am deeply sorry.”
Zoom have also announced that they will be implementing a freeze on any new releases until the recent security and privacy concerns have been addressed in a message to their users.
Admittedly, it’s not unusual for free online applications like Zoom and Houseparty to experience issues, and in particular these video apps were likely unprepared for the vast influx of users in such a short space of time.
However, there seems to be a common belief that there has to be a trade-off between security and usability. Privacy minded consumers should perhaps look for safer alternatives which still provide simplicity, security and free access. Here at Stripe, we wholeheartedly put our trust into Microsoft Teams. Here’s why –
As a leader in security, Microsoft’s Teams meets more than 90 regulatory and industry standards, meaning Stripe confidently entrusts Teams as the platform for our organisation’s meetings.
Corporate Vice President for Microsoft 365, Jared Spataro, stated in a recent blog post “Now more than ever, people need to know that their virtual conversations are private and secure. At Microsoft, privacy and security are never an afterthought. It’s our commitment to you—not only during this challenging time, but always.”
Whilst the Teams platform is primarily aimed at businesses or ‘teams’, those who want individual access can do so via Skype for free, recently leading to a rise in usage from 32 million to 44 million worldwide users.
This is the million dollar question – there are many video conferencing platforms out there and the one you choose ultimately depends on your needs as an individual or business, and how concerned you are about data privacy and security measures.
Whatever platform that you or your business decide to opt for to host your video meetings, there are privacy measures that you should look out for. For example:
Whilst there are video conferencing platforms that undoubtedly offer a simple and hassle-free experience, the security holes may be too large for many businesses or individuals to even consider choosing them over more reliable and trusted platforms.
For more information on how to integrate Microsoft Teams into your business, just get in touch or fill in a contact form here.