To Zoom or Not to Zoom: Addressing a Crucial Cybersecurity Question

Eight tips to help advisors balance between security and convenience with Zoom

May 21, 2020by Sid Yenamandra

Subscribe to the Smarsh Blog Digest

Subscribe to receive a monthly digest of articles exploring regulatory updates, news, trends and best practices in electronic communications capture and archiving.

Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "submit", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing privacy@smarsh.com.

Though shelter-in-place orders and working from home have become the new normal, the reality is that most businesses are not prepared to protect their employees and their devices from cyber criminals in a remote work environment. That’s especially true for the wealth management industry.

Let’s start with the fact that most employee-owned devices are not appropriately protected. Many broker-dealers, banks, insurance companies and RIA firms have stepped up their efforts to address some of the most glaring weaknesses. But for others, cybersecurity issues are only becoming more challenging as a surge of professionals flock to Zoom and other video conferencing platforms to meet with clients and collaborate with colleagues.

How Financial Services Firms Can Vet Zoom

Indeed, very few IT managers have had the opportunity to vet these tools, even as they are now known to present a series of security and compliance challenges.

Wealth management professionals are gauging how much risk the use of the Zoom platform introduces. Here are eight tips to keep you and your organization safe on Zoom:

  • Use the latest version. Be sure you are always using the latest version of the application so that your endpoint is protected against known security issues.

  • Never share your Zoom meeting ID publicly. Posting meeting IDs publicly makes it easy for hackers to infiltrate your account by guessing your password. This could result in "zoombombing" or someone getting access to your private chat transcripts or files.

  • Share your meeting password securely. Treat your Zoom meeting password the same way as you would treat your sign-in credentials for your bank account or company workspace. Also, use two-factor authentication, which dramatically lowers the likelihood of getting compromised.

  • Set preferences to host-only. Resist the temptation to designate a co-host, because it increases the likelihood that a breach could take place. What’s more, shut off file transfer, camera and audio settings for all participants. That leaves one person in control of the conference. The end goal is to minimize the possibility that an interloper could gain access.

  • Pay for the enterprise plan. If you are relying on Zoom for business, it’s better to upgrade to the pro or enterprise plans rather than using freemium services.

  • Beware of Zoom phishing emails. If you get a meeting invite from someone with whom you are not familiar, you can log in to the call by connecting to the Zoom website and then manually keying in the meeting ID. That will ensure that the invite is valid. Otherwise, it could be a phishing email aimed at getting you to click a link that will end up harming your device.

  • Perform endpoint hygiene. Patch the endpoints used to access Zoom with up-to-date anti-virus and anti-malware software and make sure to enable device or file-level encryption. These steps will not only help to prevent compromises, but they will serve to mitigate the damage should they occur.

  • Use VPN when possible. This minimizes the likelihood of a man-in-the-middle or denial-of-service attack that could disrupt your productivity. VPNs could create some network bottlenecks, especially if you don’t have much bandwidth to spare, but they will ensure that your sessions have end-to-end encryption, something that most regulators require.

To Zoom or not to Zoom? For wealth management professionals who need to drive as much continuity of service and connection with clients and colleagues, this is an important cybersecurity question.

But by following the right cybersecurity safeguards as outlined here, it doesn’t need to become an existential question for your business.

Share this post!

Sid Yenamandra
Latest posts by Sid Yenamandra (see all)
Smarsh Blog

Our internal subject matter experts and our network of external industry experts are featured with insights into the technology and industry trends that affect your electronic communications compliance initiatives. Sign up to benefit from their deep understanding, tips and best practices regarding how your company can manage compliance risk while unlocking the business value of your communications data.

Contact Us

Tell us about yourself, and we’ll be in touch right away.