Almost every business where employees can work remotely have shuttered brick and mortar operations. Even credit unions have been closing their branches to prevent the spread of the COVID-19 pandemic. As organizations move to remote work, they’re moving to Zoom’s video calling to stay connected.
But is Zoom safe for credit unions?
Recent reports have exposed numerous bugs, exploits, and security risks in the Zoom platform. While Zoom has been working hard to shore up those risks, it’s worth taking a look at other options.
Zoom Security Risks for Credit Unions
Credit unions must maintain a very high level of security. And working from home exacerbates many of those risks. Vulnerabilities that normally pose risks to a business are a bigger concern for credit unions—vulnerabilities may also endanger members.
Many major problems have been fixed, but more weaknesses remain. Here is a partial list of known current major exploits and issues with Zoom to date:
1. Zoom bombing
This is not the biggest security threat, but it could be annoying: some people join public Zoom meetings just to be obnoxious.
Credit unions can require meeting passwords, require authorization for screen sharing, turn off file sharing, or take other security steps.
2. Email address and profile photo leaks
Zoom groups users with the same email domain into a “company” folder accessible by anyone with that email domain. Major email providers like Gmail and Outlook are safe, but smaller providers may not be.
For example, many users with ISP-based addresses found that they could see each other’s personal information. That’s not a good sign for credit unions!
3. Sharing information with third parties
Some privacy experts—many working with Consumer Reports—found that Zoom’s privacy policy gave Zoom the right to use and share users’ data. After Consumer Reports wrote about it, Zoom rewrote its policy to say that “we do not sell your personal data.”
However, it still opens the question about whether third parties might have some kind of access.
4. Zoom meeting recordings are available online
Many people record their Zoom meetings and calls. Those recordings, unless they’re saved in a particular way (such as changing the filename or keeping it out of cloud storage), may be found online.
So, if you value PII and security, you’ll need to come up with a process for protecting your recorded meetings. It’s unlikely that Zoom will address this issue in the near future, as most security experts suggest this is more of a user concern rather than a Zoom one.
5. Old school “war drive” hack works
Malicious parties can find and enter random Zoom meetings by changing their IP address and guessing at different meeting IDs. Currently, a password is the only way to stop this exploit.
Final Thoughts about Zoom and Credit Union Security
Ultimately, we suspect that with stringent security practices, Zoom is probably safe for credit unions. However, the popularity of the platform, coupled with its many security weaknesses, should make you hesitate.
We’re looking into Zoom alternatives for our own business. For now—and until all major security issues are taken care of, we recommend exploring alternative platforms as well. Stay tuned for our findings!
