With more people working from home than ever before, Zoom has been widely adopted over the last month, with over 200 million daily users in March alone.  Many organisations and training/educational establishments are now using it as their main communication tool.

Much has been spoken about recently in the news and papers of the vulnerabilities surrounding Zoom, the online video conferencing platform (Guardian Article).  Whilst the video and sound quality it provides is excellent, particularly when compared to other providers such as Skype, it does have significant security concerns.

Therefore, our position on these tools is that unless there is an overarching reason why we can't use it, Autism Anglia will always use Skype for Business for online audio and video communication.  When there is no alternative and Zoom has to be used, Autism Anglia will follow the protocol below for every contact, to protect the people involved, including personal data:

  • Autism Anglia's Zoom accounts will be created using Autism Anglia email addresses
  • Autism Anglia Staff and Volunteers will not connect to Zoom meetings while connected to any of our internal computer networks, including those in Head Office and Doucecroft, in order to minimise the effect of any potential hack
  • All Zoom conversations must be password protected - this protects against most of the threats inherent to Zoom
  • Zoom's in-conversation instant messaging (text chat) is not used at all and it should be disabled if at all possible.  Hackers use this to share links which include your username and password for Windows, i.e. your work network login details
  • Use new meeting ID's for each conversation - don't rely on your 'personal' meeting ID
  • Setup a 'waiting room' so the meeting host joins before any attendees
  • Don't publish meeting ID's anywhere, including social media.  Use private conversations (direct messages, email, phone etc.) to share the ID
  • Once everyone has joined a meeting, the host should lock it to prevent anyone else joining

Dan McCullagh

IT Manager