Zoom and Other Soft Codecs

Risks, Solutions and Alternatives

Written by Nick Wallace, Ridge AV

Since Coronavirus 2019 affected the world, could-based videoconferencing technologies have seen massive growth in demand. At the time of this writing, the video-conferencing service Zoom has gone from “what’s that” to “ubiquitous.” Due to its almost overnight popularity, the platform has found itself growing at a rate it couldn’t have possibly expected. This has put Zoom under increased pressure, scrutiny, and within the cross hairs of malicious actors. While new issues are being discovered and addressed daily, here are some highlights of some of the most concerning, ongoing issues:

-Zoom bots can steal user IDs

-Unknowingly sharing your LinkedIn profile

-People breaking into meetings and posting not-safe-for-work content

-The program stealing your login credentials (Windows and Mac)

Even though Zoom’s infrastructure has been able to support the sudden explosion of users with little disruption, they admit that the sudden influx of users across various industries have put them out of their element. “Our platform was built primarily for enterprise customers – large institutions with full IT support,” says CEO Eric Yuan. Zoom has already gone to great lengths to fix security issues as soon as they arise, but there is still work to be done.

While Zoom currently dominates the soft-codec landscape in terms of popularity, here are other platforms that offer better security with similar functionality.

Google Meet: Google’s security is top-notch. Full stop. Period. End of sentence. While other companies are out here suffering data breaches left and right, Google has only ever had two major data breaches ever, and only one was the cause of poor security (and it was Google+, so does that really count?). If you’re looking for security and protection from outsiders in your videoconference, you can’t get much better than Google’s Meet service. The drawback is that Meet requires an active G Suite subscription. The plus side is that Google is unlocking the full power of Meet for all G Suite subscribers until July 1, 2020, so that means up to 250 participants per call, which should be more than enough for most organizations.

Skype: Skype was the first service to popularize video chat. As an added bonus, Skype offers the option to end-to-end encrypt conversations using the Signal encryption algorithm, which is currently one of the most secure encryption protocols around. Skype has also gone out of their way to offer the service without requiring an account or downloading any software, which makes it more flexible than Zoom or Hangouts in that regard. However, Skype only allows 50 users at one time in a call, so this may not be a good solution for large organizations. But this limitation is overcome in Microsoft Teams. In 2017, Microsoft, Skype’s parent organization, phased out Skype for business in favor of Teams. Thankfully, the hefty price tag of Microsoft Teams also comes with the full Microsoft Office Suite.

Jitsi: This is a videoconferencing service you probably haven’t heard of, but worth checking out. My favorite thing about Jitsi is that it is completely free, anonymous, and user friendly. You don’t need an account to sign up or even to start the meeting. Meeting links can be customized or randomized as needed. Passwords can be required to maintain privacy from intruders. It offers screen sharing and unlimited time, although it might get unstable with large numbers of users (over 100 or so). Perhaps one of the biggest advantages is that it is open source, meaning your company can download the source code and run your own videoconferencing server. This allows you to add your own encryption or control the data as you see fit - a major plus for companies with strict security requirements. If your organization values both security and user privacy but has a budget, then this is the solution for you.

Webex: The company was acquired by networking giant Cisco in 2007, which means they have the backing of one of the world's leading companies behind them. Their most unique feature is their native integration with other services such as Slack, Google Drive, Salesforce, and more. Like most other options on this list, WebEx is offering a free tier with up to 100 meeting participants, unlimited meeting length, desktop sharing, and more. They offer additional features for premium paid plans. Already a leading player, Webex needed to make few adjustments to adapt to the current videoconferencing push. This means that the features you come to rely on during this time will probably still be there when things return to normal.

Regardless of which soft-codec platform you choose, here are a few tips to teleconference safely. First, when given the option, make your meetings private by using the guidelines in this FBI warning. Second, be sure to use strong passwords. You can use a password manager such as Bitwarden or Dashlane to manage this if you need help. Third, be sure to look (yes, actually look) at your settings. A lot of settings, like sharing data with Facebook or LinkedIn, can be disabled. Finally, no matter how tempting it is, DO NOT click “Sign up with Facebook/Google.” Sign up with an email address - your work email address if possible. Don’t use your personal address.

Competition is a great thing. It encourages lower prices, innovation, and diversity, which can only make technological services better. If Zoom fits your needs best, keep using it. Just be sure to take the proper precautions. If you suspect one of these other services are a better fit for you, be sure to check them out and give them a whirl. Most companies offer free trials. During this particular time, many are offering premium services at free or reduced cost. Just remember make sure to avoid the temptation of leaving the band-aid solution in place for too long. Instead, focus on the best long-term solution that fits your organization’s logistical and security needs.