The Federal Trade Commission (FTC) has agreed with Zoom to settle its allegations that the company “engaged in a series of deceptive and unfair practices that undermined the security of its users.”
Settlement Conditions
The FTC complaint said that:
- Since at least 2016, the company misled users by touting that it offered “end-to-end, 256-bit encryption” to secure users’ communications, when in fact it provided a lower level of security, i.e., it encrypted communications but stored the encryption keys on its servers
- The company misled users by saying that recorded meetings that were stored on the company’s cloud storage were encrypted immediately after the meeting ended, which was untrue in some cases
- In July 2018, the company compromised the security of some users when it secretly installed a hidden web server on Macs that helped with frictionless installation of the Zoom application
The settlement does not oblige Zoom to admit fault or pay a fine, but obligates it to:
- Refrain from misrepresenting privacy and security practices, including about how it collects, uses, maintains, or discloses personal information; its security features; and the extent to which users can control the privacy or security of their personal information
- Implement a comprehensive information security program and obtain biennial assessments of its security program by an independent third party and notify the FTC if it experiences a data breach
- Implement a vulnerability management program
- Assess and document on an annual basis any potential internal and external security risks and develop ways to safeguard against such risks
- Deploy safeguards such as MFA to protect against unauthorized access to its network; institute data deletion controls; and take steps to prevent the use of known compromised user credentials
- Review any software updates for security flaws and ensure the updates will not hamper third-party security features
Quoted from https://www.helpnetsecurity.com/2020/11/10/ftc-zoom/
If your company is going to use video conferencing to assist with work from home or to remotely connect with clients, then contact us for assistance.