Frequently Asked Questions About Zoom’s Security

Last Updated: May 21, 2020

Zoom, the leading video conference software, has received a wave of scrutiny as of late.  Our team has been using Zoom for several years and has been closely monitoring the advancements they have made, including those in response to the recent mass adoption of their software during the COVID-19 pandemic.  Below you will find answers to some of the most frequently asked questions regarding Zoom’s security and how we conduct video meetings.

Rest assured that as a technology-focused firm, we will not put you or your information at risk.  We believe that Zoom is one of the safest video conferencing platforms and a true leader in their space.  If you have any specific concerns or would prefer to use alternative software, please let us know.


Is the Zoom software safe to use on my computer, phone or tablet?

Yes.  The code, processes and security practices used to run Zoom’s software and cloud-based systems are regularly audited by manual and automated means, including penetration testing, to detect vulnerabilities and identify opportunities for malicious code to be introduced.  These audits are performed by standards bodies, enterprise customers, financial institutions and third-party accounting firms capable of performing rigorous compliance certifications.

The reports of malicious code “piggybacking” on the Zoom installer’s authorized use of your camera and microphone involve a situation where a person with the skills, motivation and access to your computer actually adds malicious code to your computer.


How can Zoombombing be prevented?

Very easily. Zoombombing originated from people posting the meeting information on public websites, allowing unintended parties to access the meeting at will.  To prevent this, do not post the meeting details in a public place.

Security researchers have also been able to write scripts to guess valid Meeting IDs, and for meetings that were not set up to require a password, this was all that was required to join a meeting (a certain percentage of the time).  Requiring a password for the meeting adds another layer of security that makes the chance of this happening statistically improbable. Update 4/14/20: Zoom has increased the length of Meeting IDs, making this even more improbable.

We follow the best practice of locking the meeting once everyone has joined, preventing even the statistically improbable situation described above from happening.


How is Zoom’s security audited?

Zoom has achieved a series of compliance certifications, including some of the most rigorous third-party audits used in the financial and healthcare industries.


Is Zoom HIPAA-compliant?

Yes.  Zoom meets or exceeds the criteria for one of the most stringent compliance requirement sets in existence - the same standards all medical providers are required to meet to protect Personally Identifiable Information (PII) and Personal Healthcare Information (PHI).  For more information please read Zoom’s HIPAA Compliance Guide.


How much personal information does Zoom have access to?

Very little.  Zoom encrypts data in transit (between devices/systems) and at rest (when it is written to a database or file system) and their employees, including their development team, do not have the ability to decrypt it.  Only minimal information is accessible to Zoom employees as described here.

Is Zoom sharing data with Facebook?

No.  For a short period of time, Zoom had added a Facebook library to its codebase in order to enable users to log in to Zoom using their Facebook account, as countless other websites and applications do.  Zoom has removed this library.

Is Zoom routing my meeting through China (or any other country)?

No.  Zoom had previously allowed its software, after making 5 attempts to establish a reliable connection trying different servers in the US, to then try a server outside of the US to conduct the meeting.  They have now limited US-based meetings to only attempt to use US-based servers. Again, all meeting information is encrypted while in transit and at rest, regardless of how it traverses the internet.


What else is Zoom doing to address the concerns of its growing customer base?

  • Weekly webinars where you can ask the CEO anything

  • Regular emails are sent to all users summarizing new security features and best practices

  • A 90-day freeze was put on all non-security related feature development to incorporate feedback from the growing customer base

  • Software updates are published more frequently than their usual (roughly weekly) cycle

  • Zoom published a data sheet on 4/23/20 regarding their growth, new security features and compliance

What should I be doing to make sure I’m receiving the latest security enhancements?

Once you have installed Zoom on your device, you should periodically check for updates and install them.

If you have not yet upgraded to Zoom version 5.0 or higher, please do so. Starting on 5/31/20, the Zoom app will force you to upgrade the next time you launch the software, so it’s best to install the update beforehand so that you don’t run into a delay when joining a scheduled meeting.