Earlier this week, the Federal Trade Commission announced a settlement with Zoom, requiring the company “to implement a robust information security program to settle allegations that the video conferencing provider engaged in a series of deceptive and unfair practices that undermined the security of its users.” The FTC alleges that Zoom provided a lower level of encryption than promised to its users.

1 Expert Comment
Tom DeSot, EVP
InfoSec Expert
November 12, 2020 11:55 am

The fines imposed by the FTC are a prime example of the type of actions companies are going to face when they do not take security in their products seriously. Zoom unfortunately ended up being the poster child for how not to handle things when vulnerabilities are found in commercial products.

When COVID initially swept through, forcing people to work remotely, Zoom use skyrocketed (from 10 million in December 2019 to 300 million in April 2020). However, Digital Defense mandated on April 2, 2020 that its employees were no longer able to participate in Zoom meetings and were asked to uninstall the application from their systems due to security vulnerabilities. Directives were put in place that communicated recommendations of alternate approved platforms that had been evaluated for security and privacy for meeting use with clients, partners, internal meetings, etc.
