How Microsoft Teams will never have an incident like ‘Zoombombing’
Lauren Simonson, Mark Woodrow
With the majority of the population being forced to stay home to help stop the spread of COVID-19, many have turned to videoconferencing platforms to undertake work meetings and also virtual social gatherings.
Educational institutions, government agencies, places of worship and a whole array of other companies have shut their doors, leading them to look to platforms that make remote work accessible. But, it’s imperative to do your homework to make the right technology choices before jumping in.
Many organisations have made the switch to online platforms, such as Microsoft Teams and Zoom, to be able to host videoconferencing meetings, but what distinctly separates these two is the transparency of information on your privacy, data and security.
Zoom have indicated that their easy-to-use interface ticks the box for a simple solution for online meetings, video conferencing and group messaging. However, with their skyrocketing user numbers, this has placed a magnifying glass over the company’s policies, specifically around their data security and encryption.
Zoom users have raised their concerns about the software with a new buzz word: Zoombombing – this is where uninvited guests attend meetings and chats. Reports have come back from consumers deeply upset from the Zoombombing incidents they’ve experienced, their apprehension on Zoom data being shared with Facebook and the company’s misleading claims on the end-to-end encryption of the meeting software.
Why you should review your Zoom settings
Security experts, lawmakers, and government agencies (including the FBI) have warned that Zoom’s default settings don’t have the state-of-the-art security and compliance requirements needed in this day and age for virtual meetings.
Each Zoom call has a randomly generated ID number used by participants to gain access to a meeting. These are public and if shared around, can result in surprise visitors joining. Researchers have found the IDs can be easy to guess, share and hack.
The risk for a public meeting is an uninvited guest joins and uses Zoom’s screen-sharing feature to broadcast unsavoury content in your meetings, with consumer reports that these types of incidents aren’t unique to just them. To prevent this, you need to check your Zoom settings.
To see your current settings, go to Settings on the left-hand side and against Who can share / Who can start sharing when someone else is sharing, ensure to select Host Only can share. Once you save your settings, future meetings that you start will have sharing disabled by default.
You can change settings for screen sharing on mobile devices and during a meeting but be careful you know all the participants before opening up the screen share capability to all participants.
The advantage of Teams is that many security features are already built in
Teams has powerful privacy and security controls where you can manage meeting participants and who can access that meeting information.
With Teams, you can control who from outside your organization can join meetings directly, and who waits in the online lobby. Conveniently, you act as the moderator, designating presenters and who can screen share.
For additional control, remember to use Attendee and Presenter roles. This gives the Presenter full control but stops Attendees from muting other people, removing people from the meeting, or sharing their screens without the Presenter’s permission. Also, make sure you ask your Teams (O365) admin to block anonymous users from joining Teams meetings.
You’re able to give people guest access from outside your organisation securely while still retaining control over all your data. Recordings are only made available to those on a call or meeting invitees, where these recordings are securely stored and protected by permissions and end-to-end encryption.
Questions raised about how secure data is on Zoom
In recent weeks, there have been a number of data privacy concerns around Zoom.
There are reports that the Apple iOS version of the Zoom app sends some analytics data to Facebook; even for Zoom users who don’t actually have a Facebook account (according to a Motherboard analysis of the app). This data could include a device’s model, network provider, time zone, city, and unique device identifier advertisers can use to send targeted ads. Zoom is currently being sued in California for allegedly giving personal data to outside companies, including Facebook, without fully informing customers.
Questions have also been raised over whether Zoom is right to claim its data is end-to-end encrypted– which implies that no one, even Zoom itself, can read chats. Online news site The Intercept calls their definition ‘misleading’, as Zoom can itself access unencrypted video and audio from meetings. Under certain circumstances, it turns out, multiple people in a meeting might be able to read private messages. Depending on where these are downloaded, private messages could also be revealed in Zoom meeting minutes.
Zoom appears to be taking these issues seriously, with their CEO Eric S. Yuan having announced a 90-day feature freeze, shifting all their engineering resources to focus on Zoom’s trust, safety, and privacy issues. Zoom’s waiting room feature, and meeting room passwords, are being introduced as default.
Microsoft Teams has far superior built-in security capability that’s ‘out of the box’
“When you use Microsoft Teams, you are entrusting us with one of your most valuable assets—your data and personal information. Our approach to privacy is grounded in our commitment to giving you transparency over the collection, use, and distribution of your data.”Jared Spataro, Corporate Vice President for Microsoft 365.
Microsoft Teams advanced security and compliance capabilities for customers, includes:
- Multi-factor authentication
- Single sign on through Azure Active Directory for the Office 365 suite
- Encryption of data in transit and at rest
- Advanced Threat Protection
- Communication compliance
- Data retention policies
- Data loss prevention
To summarise, Microsoft Teams has the capability and sophisticated architecture to ensure your security, data and privacy are the highest priority. Not only this, but as a collaborative tool and part of Office 365, it integrates with the Microsoft stack of products making it a natural part of your workday, whether in the office or working remotely.
To read more on Teams and to test this for free yourself, go to:
About the authors:
Lauren Simonson manages sales and partnerships at Engage Squared.
Mark Woodrow is the O365 Evangelist at Engage Squared.