Earlier this week, the Federal Trade Commission announced a settlement with Zoom, requiring the company “to implement a robust information security program to settle allegations that the video conferencing provider engaged in a series of deceptive and unfair practices that undermined the security of its users.” The FTC alleges that Zoom provided a lower level of encryption than promised to its users.
The fines imposed by the FTC are a prime example of the type of actions companies are going to face when they do not take security in their products seriously. Zoom unfortunately ended up being the poster child for how not to handle things when vulnerabilities are found in commercial products.
When COVID initially swept through, forcing people to work remotely, Zoom use skyrocketed (from 10 million in December 2019 to 300 million in April 2020). However, on April 2, 2020, Digital Defense mandated that its employees no longer participate in Zoom meetings and asked them to uninstall the application from their systems due to security vulnerabilities. Directives were put in place recommending alternate approved platforms that had been evaluated for security and privacy, for use in meetings with clients and partners, internal meetings, etc.