Zoom security upgrades pushed by New York AG


No company has become a household name faster than Zoom, the videoconferencing service that became the platform of choice at the onset of the COVID-19 pandemic. But the company was caught unprepared for such explosive growth, and the sudden scrutiny of the tech industry uncovered a litany of security problems. And this was even after its practices crossed the line for Apple computers last year.

Zoom’s efforts to batten down the hatches are now well known, from buying a security company for end-to-end encryption to setting up dedicated privacy and security resources to help users verify and strengthen their security settings.

But the company’s sharp turnaround in its security practices isn’t solely the result of bad press. Over the summer, the New York Attorney General’s office opened an inquiry into Zoom’s security practices. And it was a settlement between them that cemented much of what Zoom does today.

The problem

The piercing light of massive mainstream adoption, reaching over 200 million daily users as the pandemic was declared in March, revealed a whole host of security vulnerabilities in Zoom’s software and operations.

In April, a cache of half a million Zoom account credentials was found online, and the company was forced to allow users to choose where their information was routed after security researchers noted Zoom data sometimes traveled through China. That same month, Congress opened inquiries into Zoom, and even some of its own Zoom events were targeted by “Zoom bombers.” The company rushed to release Version 5.0 of its software in April to put a number of security measures in place.

In the months that followed, a familiar “cat and mouse” series of security vulnerability announcements, bug fixes, and enhancements unfolded, including universal end-to-end encryption.

SEE ALSO: How to Make Sure Your Zoom Meeting Is Secure

The settlement

One of the many government agencies investigating Zoom was the office of the New York Attorney General.

While Zoom’s troubles played out publicly across news headlines, the company was negotiating behind the scenes with New York State for over a month.

In May, state Attorney General Letitia James announced the end of her office's inquiry into Zoom via a settlement with the company, and the New York Department of Education ended its ban on Zoom use by schools.

“Our lives have inexorably changed over the past two months, and while Zoom has provided an invaluable service, it unacceptably did so without critical security protections,” James said. “This agreement puts protections in place so that Zoom users have control over their privacy and security, and so that workplaces, schools, religious institutions, and consumers don’t have to worry while participating in a video call.”

The New York Attorney General’s Office acknowledged that Zoom “has provided valuable services to schools, local governments and health care institutions to help address the unique circumstances of the global pandemic,” as well as “allowed a large number of New York residents and school children to use its service for free.”

The signed settlement agreement outlines more than twenty commitments Zoom made to the New York Attorney General, including:

  • Designating a head of security who reports to the CEO and Board of Directors and maintains a comprehensive information security program.
  • Offering educational materials on privacy controls.
  • Maintaining a “bug bounty” program that provides financial incentives to researchers and the public to find and report security vulnerabilities.

Zoom and healthcare

There has been a historic expansion of telehealth during the ongoing global health crisis as healthcare providers attempt to maintain a continuity of care for their patients. Medicare and Medicaid coverage for telehealth has increased, and the OCR has waived potential penalties for good faith use of telemedicine, among other compliance changes.

Luckily, it is possible to use Zoom in a HIPAA-compliant manner, although there are many other telemedicine platforms available as well.

SEE ALSO: Zoom HIPAA Compliance: The Ultimate Guide


“Today’s agreement will protect New Yorkers and users nationwide by ensuring Zoom’s compliance with New York State and federal laws, and will ensure Zoom provides services that are more secure, that provide users with enhanced privacy controls, and that protect users from abuse,” the office wrote.

Cybersecurity journalist Kim Zetter predicted that “Zoom will soon be the most secure conferencing tool out there.”

“Too bad they didn’t save themselves some grief and engage in some security assessments of their own to avoid this trial by fire,” she added.


About the author

Ryan Ozawa
