Zoom’s daily active users this year have blown up from a peak of 10 million daily users in December last year, to over 200 million daily users in just a few months. This huge increase in uptake has unfortunately however, shined a spotlight on many of the security and privacy issues plaguing Zoom.

In fact, numerous businesses and governments worldwide have already banned the use of Zoom citing security concerns. Singapore recently banned teaches from using it, the US Pentagon also banned it as well as Taiwan’s government, Elon Musk’s SpaceX and Google.

Facebook Data Collection

The first crack in the armor for Zoom came in March when an investigation by Motherboard revealed that Zoom’s iOS app was sending user analytics to Facebook, even for users that do not have a Facebook account. This was despite there being no mention of this data transfer anywhere in Zoom’s privacy policy. Zoom quickly responded by announcing they have now shut down the Facebook data collection feature, however this was just the catalyst in numerous privacy and security issues that have since come to light.

False Encryption Promises

The University of Toronto’s Citizen Lab discovered that the Zoom’s encryption scheme does not live up to its marketing claims. Zoom claims to use 256-bit Advanced Encryption Standard (AES) encryption key whenever possible, however by default Zoom only uses a 128-bit AES encryption that is shared among all meeting participants.

Additionally, Citizen Lab found that at times the conference encryption keys were being distributed to servers based in China. Zoom CEO Eric S. Yuan admitted that the company had “mistakenly” allowed conference calls to flow through China, which could create the potential problem of encryption keys being disclosed to Chinese authorities based on legal requirements.

Moreover, Zoom falsely claimed in its marketing that it provided end-to-end encryption. However, an investigation by The Intercept showed that Zoom meetings aren’t actually E2E encrypted. Instead Zoom uses TLS encryption meaning your audio and video is encrypted from anyone spying on your WIFI, however it is not encrypted from Zoom the company. For encryption to be E2E it would have to be only able to be decrypted by meeting participants.

The Microsoft Teams Advantage

One of the main areas Microsoft Teams shines relative to Zoom and other video conference apps is that it is built on the Office 365 enterprise-grade cloud, which provides advanced security and compliance capabilities. You also have peace of mind knowing that all of your data in Teams resides in the regional Microsoft data centre that was available at the time when you provisioned your Office 365 tenant.  

The way Teams works, is that when you create a Team in Microsoft Teams it automatically creates a SharePoint site in the background. This SharePoint site is where all your files created and shared in Teams are stored. Additionally, your chat files are stored in OneDrive with text and images being stored in Exchange. With all your Teams files, chats and images being stored across SharePoint, OneDrive and Exchange, you get the advantage of being able to use the Microsoft 365 Security and Compliance Centers to secure your information and compliantly manage your records.

Securing and Controlling Your Information in Microsoft Teams

You have many options for securing and controlling your information in Teams. You can set organisational wide settings that can disable external users from communicating with Teams and Skype for Business users. You can also restrict permissions for external guests and meeting participants such as disallowing screen sharing or the ability to make private calls. You can also turn off the ability to give and request control of a screen and disallow unauthenticated guests from starting or joining a Teams meeting.

Furthermore, you have permissions that can determine who can edit and delete chat messages as well as govern what apps users have access to. You can also set permissions when sharing file links to determine who has access to view or edit the content, in the same way you can when sharing links directly from your SharePoint or OneDrive.

These are just a few of the many ways you can precisely control what access and capabilities users have, to ensure your information in Teams is secure.

Managing Records in Microsoft Teams

As I mentioned earlier, the advantage of using Microsoft Teams is that all your information is stored in SharePoint, OneDrive and Exchange in the background, giving you the leverage to utilise Microsoft’s Security and Compliance centres.

Microsoft’s Compliance Centre provides records management capabilities that are particularly important for government agencies and businesses in heavily regulated industries. These capabilities include automatically labelling content to trigger retention periods. You can also set retention policies to specify the period in which specific types of records need to be retained before their destruction.

Although the Office 365 Compliance Centre is constantly evolving in its records management capabilities, for most government agencies and heavily regulated businesses this will not be enough to meet compliance obligations. That it is why it is recommended for most agencies to integrate SharePoint, OneDrive and Exchange with an electronic document and records management system (eDRMS).

For example, RecordPoint is an eDRMS that is designed for federated content management. This means that it will manage information in-place, regardless of what repository it is sitting in. This way your team can continue to work within Microsoft Teams while your records are managed invisibly in the background. Alternatively, Content Manager has a built-in integration with SharePoint that can be configured to achieve a similar outcome.

It’s imperative to make sure your organisation is compliant, and by hosting your meetings and other forms of collaboration in Microsoft Teams you can be confident that you’ll have the ability to not only secure your information but also properly manage your records.

Need help with Microsoft Teams?

If you’re looking for training in how to use Microsoft Teams or need assistance with securing, structuring and managing your records and information in Teams, our consultants can help. We not only help organisations meet their compliance obligations when using Teams, but also help them maximize their productivity and collaboration.