Security and privacy bugs on teleconferencing platform Zoom have multiplied since usage rocketed as a result of the Covid-19 pandemic, according to an op-ed column from a leading US newspaper.

In the piece, Brian X Chen – chief consumer technology writer for The New York Times – notes that Zoom’s decision to make its app available directly from its own website, rather than through Apple’s App Store or Google Play, means that its security setup is weaker than that of apps released through those outlets (The New York Times, 8 April 2020).

Following problems with hackers accessing users’ webcams and incidents of ‘Zoombombing’ – in which trolls crash people’s meetings and bombard them with inappropriate content – Zoom founder Eric Yuan was forced to publicly acknowledge the platform’s flaws.

In a recent blog post (Zoom.us, 1 April 2020), Yuan wrote: “Usage of Zoom has ballooned overnight … To put this growth in context, as of the end of December last year, the maximum number of daily meeting participants, both free and paid, conducted on Zoom was approximately 10 million. In March this year, we reached more than 200m daily meeting participants.”

Yuan stressed that the firm has strived to maintain a user-friendly, uninterrupted service that is safe and secure for all. “However,” he wrote, “we recognise that we have fallen short of the community’s – and our own – privacy and security expectations. For that, I am deeply sorry, and I want to share what we are doing about it.”

Further down the blog, Yuan announced the immediate implementation of a 90-day plan to tackle Zoom’s primary security issues, which will encompass “a comprehensive review with third-party experts and representative users to understand and ensure the security of all of our new consumer use cases.”

In a subsequent blog (Zoom.us, 8 April 2020), Yuan announced the formation of a Zoom CISO Council, comprised of chief information security officers from several other companies who will provide insights from their own experiences to help Zoom conquer its flaws. The Council has already attracted the participation of CISOs from HSBC and US mortgage platform Ellie Mae, among others. In addition, Zoom has signed up Stanford professor, NATO consultant and former Facebook CISO Alex Stamos as an adviser.

What do these steps demonstrate about Yuan’s desire to learn from Zoom’s mistakes to evolve the service – and what could other leaders take away from his response?

The Institute of Leadership & Management’s head of research, policy and standards Kate Cooper says: “This resonates quite strongly with disaster-recovery scenarios, in the sense that the sooner leaders acknowledge the underlying error(s) and explain the corrective action they intend to take, the quicker they will rebuild confidence.”

She points out: “If you look at how Zoom has shot from 10m to 200m users in just three months, that’s a remarkable scaling up of its activities – and broadly, the platform has dealt with that rapid surge well enough to sustain its basic operations. Yet even so, Yuan is taking these security issues seriously. He’s doing something about them. He’s addressing the problems and owning them. And he’s bringing knowledgeable experts and advisers on board to help him fix the areas that aren’t working.”

Cooper adds: “No matter which type of organisation you lead, you can never not make mistakes. But what you can do is own them when they emerge, try to fix them and, at the same time, communicate honestly and promptly to your customers and stakeholders about what you’re doing to put things right. So many more people are now logging into Zoom for teleconferencing that, as recently as a month ago, not even the firm would have imagined would be users. And thanks to news coverage of how Zoom has played a key role in holding businesses and schools together through the crisis, it has quickly become a high-visibility brand. That makes Yuan’s communication efforts all the more important.”

For further insights on the themes raised in this blog, check out the Institute’s resources on learning from mistakes

Source refs:

The New York Times, 8 April 2020

Zoom.us, 1 April 2020

Zoom.us, 8 April 2020

Image of Zoom’s San Jose headquarters courtesy of Tada Images, via Shutterstock