We have been using Zoom for almost a year now.
One of the things that I really enjoy is that besides having a "Paid Tier" they have a very functional free tier. Everyone at our office has a Zoom account. Most have the free tier that limits their multi-attendee (3 or more) meetings to 40 minutes. The rest have a paid tier which includes all kinds of benefits such as cloud recordings with automatic Audio Transcript.
Zoom responded to most of the security concerns with their new 5.0 version of the software.
Before, zoom defaulted to the lowest security settings and did have some weak points. They hired a security expert, and the team worked on tightening security.
New Security Enhancements
1. AES 256-bit GCM encryption - Zoom 5.0 supports our current encryption and GCM encryption. A system-wide account enablement to GCM encryption will occur on May 30, 2020, and only Zoom clients on version 5.0 or later, including Zoom Rooms, will be able to join Zoom Meetings starting May 30.
2. Report a User feature - Meeting hosts and co-hosts can report a user in their meeting who is misusing the Zoom platform. Found in the Security icon, the option sends a report to Zoom’s Trust & Safety team for review. The report can include a specific offense, description, and optional screenshot. The Report a User function is on by default but can be turned off at the account, group, and user level in the Zoom web portal.
3. New encryption icon - A new encryption shield appears in the upper left of your Zoom Meeting window and indicates a secure, encrypted meeting. After May 30, the shield will be green for all users, denoting enhanced GCM encryption. Clicking the icon also takes you to the Statistics page for additional encryption details.
4. Enhanced data center information - Meeting hosts can now select data center regions at the scheduling level for meetings and webinars. The Zoom client also shows which data center you’re connected to in the Info icon in the upper left of your Zoom window. You can get additional details in-meeting by selecting Video Settings – Statistics in the meeting controls. Additionally, if organizations outside of China did not opt in to the China data center before the April 25 deadline, those accounts will not be able to connect to mainland China for data transit.
5. Enhancements to ending/leaving meetings - We’ve refined the action of ending or leaving a Zoom Meeting to make it easier and also more secure. With a new UI update, hosts can clearly decide between ending or leaving a meeting. If the host leaves, they can now easily select a new host and have the confidence that the right person is left with host privileges.
Additional security enhancements
A few other recent Zoom security updates include:
1. Profile picture control: Account admins and hosts can disable the ability for participants to show their profile picture and also prevent them from changing it in a meeting.
2. Minimum password length: The minimum default password length will be six characters for meetings, webinars, and cloud recordings.
3. Cloud recording security: Admins and meeting hosts can set expirations on their cloud recordings and can disable the sharing of their recording
User Experience & Controls
1. Security controls are now grouped together and found by clicking the Security icon on the host meeting menu bar. These controls allow the host to enable or disable the ability for participants to:
a. Screen share
c. Rename themselves
2. “Report a User” - Hosts can report users to Zoom’s Trust & Safety team, who will review any potential misuse of the platform and take appropriate action.
3. Enable Waiting Room - All hosts may now turn on the Waiting Rooms while their meeting is already in progress.
4. Lock Meeting - Lock your meeting after everyone has arrived to prevent any unwanted disruptions.
5. Remove Participants - The host may remove a participant and they will be unable to re-enter the meeting.
6. Waiting Room enabled by default - Waiting Room, an existing feature that allows a host to keep participants in individual virtual waiting rooms before they are admitted to a meeting, is now on by default for education, Basic, and single-license Pro accounts. It is recommended best practice for all customers to turn on Waiting Rooms.
7. Complex Meeting IDs - Eleven digit unique meeting IDs are now in place. Meeting IDs are also removed from the content sharing window to prevent accidental sharing of meeting information.
8. Passwords & Password complexity - Meeting passwords are now more complex and enabled by default for most customers, including all Basic, single-license Pro, and K-12 customers. For administered accounts, account admins now have the ability to define password complexity (such as length, alphanumeric, and special character requirements).
9. Meeting Registration - Registration for meetings will allow you to have your participants register with their email, name, and other details to know more about attendees.
10. Meeting Authentication - Enable meeting preset profiles that only allow entry to authenticated users, or restrict to specific email domains for Business, Enterprise or Education accounts.
11. Recording Security - All cloud recordings are encrypted with complex passwords on by default.
12. Audio Watermarks - Turn this on to embed a user's personal information into the audio as an inaudible watermark if they record during a meeting. If the audio file is shared without permission, Zoom can help identify which participant recorded the meeting.
13. Screen Share Watermark - Superimposes the image of a meeting participant’s email address onto shared content in the event a participant takes a screenshot.
14. Message Preview Options - Users can now enable Zoom Chat notifications to not show chat content while screen sharing.
15. Secure Account Contact Sharing - Zoom 5.0 supports a new data structure for larger organizations, allowing them to link contacts across multiple accounts so people can easily and securely search and find meetings, chat, and phone contacts.
16. Control Profile Picture - Host or account admin can disable the ability for participants to show their profile picture or change it in a meeting.
17. Data Center Information - Hosts can now select which data center regions they would like their in-meeting traffic to use when scheduling a meeting, and participants can see which data center they are connected to by clicking on the info icon at the top left of the client window.