7 Things Small Businesses should know about Zoom

7 Things Small Businesses should know about Zoom

Russell Harris

Seven (7) things the small business community should know about Zoom.  Many people are heading to Zoom for their video communication platform of choice when communicating with large groups.  As the coronavirus (COVID-19) pandemic continues, us humans need that visual interaction and communication.  For our small business community, we put together a list of things you should be aware of and current status.  In the event, things change over the next few months we’ll update this blog post.  There are other choices besides Zoom, we share those below throughout the article.

Beware of Zoom Phishing Attacks

The Dark Web is buying up domains with “Zoom” in them so be very careful on new Phishing attacks coming out that look like Zoom URLs.  Watch out for meeting invites that look legit.  We all move quick accepting meetings and clicking links.

Protect Private Information over Zoom

Maybe this is common sense, however, we need to say it again.  Do not share private or sensitive information over Zoom.  With multiple security issues reported over the past year, we believe there is a high risk of compromise with this solution.  If your company is on Microsoft 365 Business, use the built in solution with Teams and other collaborate tools to communicate and collaborate securely.  However, even with Microsoft Teams, make sure the security settings are set correctly to keep the environment secure.

Be careful with “Free”

The old saying sometimes “Free” is to good to be true.  Keep in mind, the limit to your meeting is 40 minutes if you use the “Free” version.  You do not get Admin feature controls or Reporting.  There is one exception to the 40 minute limit, K-12 schools can ask for an exception at the following here.

“Zoom-Bombers” What to know

If you are not aware of “Zoom-Bombers”, this is someone who joins your meeting without invitation and proceeds to act in a provocative way.  Initially, by default Zoom did not stop this from happening, although at this link they have a list of things to do to protect your meeting.  As of April 5th, Zoom will be changing their default settings to enable passwords on your meetings and turn on Waiting Rooms by default as additional security enhancements to protect your privacy.

A quick list of things here, you can find more detailed information if needed at this link:

  • Password protections are on by default – keep those protections to prevent uninvited users
  • Set your meetings to generate a random Meeting ID
  • Don’t post your meeting information on Social Media
  • Disable “Join Before Host” so people can’t cause trouble before you arrive
  • Enabling “Co-Host” so you can assign others to help moderate
  • Disable “File Transfer” so there’s no digital virus sharing
  • Disable “Allow Removed Participants to Rejoin” so booted attendees can’t slip back in

iPhone User Information

IPhone user privacy information was fed to Facebook from Zoom even if users did not have a Facebook account.  This was first reported by Motherboard on March 26, 2020.  Several days later, Zoom did address this and claims to have fixed this issue.  Our recommendation is be careful on how you log into apps like Zoom.  Another blogger who is keep up on privacy issues around Zoom can be found here.

Zoom Security Issues

As a business owner, you need to know there are other issues that have been reported and are documented.  Zoom is working to fix them, however, be careful how you use this product in your business.  Here are some of the more Critical & High issues documented on the National Vulnerability Database through NIST.  (There are more but considered Medium or Low from a threat perspective)  Zoom has fixed most of these, we recommend to follow their blog site at this link if you want the latest information.

  • Zoom Client on MacOS copies runwithroot to a user-writeable temp directory during install, which can allow a local process to obtain root access by replacing runwithroot. More details at CVE-2020-11469 – First published: April 1, 2020.
  • Video Conference solutions DTEN D5 and D7 before firmware 1.3.4 devices allow unauthenticated root shell access through Android Debug Bridge (adb). This allows a covert ability to capture screen data from the Zoom Client on Windows by executing commands on Android OS.  More details at CVE-2019-16273.  First published:  January 6, 2020
  • The Zoom Client before 4.4.53932.0709 on macOS allows remote code execution. There is a ZoomOpener daemon that runs in the background.  This can be removed by the Apple Malware Removal Tool (MRT) if enabled and with MRT ConfigData 2019-07-10.  CVE-2019-13567 – First published July 12, 2019.

Other Options

We are not here to try to discourage the use of Zoom but more importantly be aware of the Security issues and risks that may arise through the platform.  There are other options, Microsoft Teams is one option.  This is included in Microsoft 365 Business.  However, one feature that does exist for Teams calls with more than 4 users is the grid or gallery view of everyone on the call.  With everyone remote, this seems to be a very popular feature to call on people.

Another alternative solution is Lifesize video conferencing.  They focus on business video conferencing and offer currently offer free unlimited meetings with up to 25 participants and unlimited meeting duration up to 24 hours.  See their pricing options here.  As we mentioned before, be careful with “Free”.

The purpose of this blog post is to make business owners aware of the risks associated with the Zoom solution.  We highly recommend following their blog and keep up with their updates and changes if you use them as a solution.

We want every to help every business owner, increase security, enhance productivity and boost the bottom line.