Written By: Amber Ott, Chief Compliance Officer
There is no denying that the environment we’re all living in these days is far different than the one we were living in just weeks ago. With a significant portion of the global population staying home, we are all being required to connect digitally in our work and personal lives.
The platform that Agili has elected to use to stay connected to our clients and each other during this time of physical separation is Zoom. And we’re not alone – the daily user count of Zoom has increased 20-fold from where it was before stay-at-home orders became the norm. With the increase in popularity so too came an increase in awareness of security flaws, which you may have read about in recent media. Rest assured that we are aware of the issues and are following updates published by Zoom regularly. We’ve followed all recommendations that have come out so far and ensured the following security measures are in place for all meetings we schedule:
Passwords – Passwords will be required for all meetings, as they are the first step to keeping unwanted attendees out of our meetings. Links we send you to Zoom meetings will contain an encrypted version of the password, so if you use the link to access the meeting, you will not need to separately enter a password. If you join by entering the meeting ID through Zoom’s website or app, the password will be required.
Restricted access to meeting before host joins – Agili acts as “host” of all of our Zoom meetings. To protect our meetings against unwanted visitors, we have restricted access to our Zoom meetings until Agili logs-in as host. In most situations, this will be done before the scheduled start time of your meeting, but if you try to access your meeting several minutes early, you may get a message that Zoom is waiting for the host to start the meeting.
Waiting room – This allows Agili to preview who is trying to enter a meeting and allow those participants in one-by-one. When you join an Agili Zoom meeting, you’ll be placed in a “waiting room” until Agili grants you access to the meeting. Assuming all is well, this additional step will only take moments.
Screen sharing limited to the host –To further protect against unwanted visitors and inappropriate content being shared by them, we have restricted screen sharing to only the host. If you’d like to share something on your screen in an Agili Zoom meeting, simply mention it and we can grant you access in-meeting.
Meeting encryption – In order to take advantage of the encryption Zoom is able to provide, it is best to use the Zoom app, either on your laptop or computer or smartphone, and connect to the meeting audio through that device, if possible. There are elements outside of the Zoom app that Zoom is not able to encrypt because they do not control them, including a phone used to dial in to the audio of a Zoom meeting.
April 30 update
Software update – Zoom recently released version 5.0, which sets the stage for enhanced encryption. Starting May 30, all Zoom clients on versions older than 5.0 will be required to upgrade before joining a meeting to be able to take advantage of the enhanced encryption. To be prepared, all Agili users have updated their Zoom clients to version 5.0, and we recommend you do the same. The enhanced encryption will “provide increased protection for meeting data and resistance against tampering,” according to Zoom’s webpage on Zoom 5.0. You can visit this webpage to access Zoom 5.0 installers for a variety of operating systems.
Limited data centers – In order to make Zoom perform optimally, Zoom leverages a global network to support all users, no matter where they’re located. Zoom routes all meetings through data centers, and they choose a data center to use for any given meeting that will provide the best performance. Typically, data centers are used in the same geographic region a user in (for example, U.S. data centers would be used if all meeting participants were in the U.S.). Occasionally, though, data would be routed to another region of the world to optimize performance. This became concerning, particularly because Zoom would decrypt some meeting data as it passed through the data centers. So, Zoom created the option for paid account customers (which includes Agili) to specify which data centers they would allow their data to pass through. Out of an abundance of caution, Agili has limited the data centers our meetings leverage to only those regions where we and our clients sit.
We will continue to follow updates from Zoom and implement any further security measures that are made available or recommended. We want to see you during this time of limited in-person interactions, but we take the security of our client data very seriously. We hope that Zoom can continue to allow for both.