NZ Cyber Security Centre suggests care when using Zoom, app to be avoided

NZ Cyber Security Centre suggests care when using Zoom, app to be avoided

Advice comes after prime minister Jacinda Ardern criticised for using Zoom to run Cabinet meetings.

Prime Minister Jacinda Ardern has been criticised for using Zoom.

Prime Minister Jacinda Ardern has been criticised for using Zoom.

Credit: Labour

The National Cyber Security Centre has broadly released updated advice on the use of Zoom for public servants, saying it is not to be used when dealing with information classified above "restricted".

The advice includes using the Zoom desktop application if necessary and avoiding using the smartphone app.

NCSC said its preference (in order) was for public servants to use the Zoom desktop application (on their laptops) and if that was not possible to use Zoom’s in-browser functionality from a laptop or mobile device.

The Zoom mobile app could be used but "this should be avoided if at all possible".

Prime Minister Jacinda Ardern was criticised by the opposition earlier this week for using Zoom to run Cabinet meetings.

"The Zoom smartphone app preferably should not be used for hosting meetings or presentations, and where possible should not be used by staff attending calls or presentations hosted by third parties," it said.

If organisations already use another video conferencing tool (for example Microsoft Teams or Skype for Business) They should continue to use those for internal meetings, in line with their organisation’s policies, the advice said.

"You should still familiarise yourself with this advice as you may be asked to join a Zoom meeting when engaging with other agencies."

Senior officials, or those with a public profile, were at greater risk from targeted phishing attempts to acquire your Zoom account details, the advice said. 

"Globally there have been significant criminal efforts to capitalise on, and profit from, Covid-19 related technology changes." 

NCSC recommended all users enable multi-factor authentication on Zoom accounts, however at present Zoom is only able to provide this to its web browser users, not the Zoom desktop client or mobile app.

The advice was originally issued to the public sector but "given the rapid adoption of Zoom it may be useful for all nationally significant organisations", NCSC said yesterday.

The advice noted reports about Zoom’s record of enabling user tracking on its mobile applications, and a permissive privacy policy. 

"Given the urgent need to support agencies to move to remote working, we have not been in the position to undertake our own independent technical analysis of Zoom yet," it said.

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags National Cyber Security CentrezoomNCSC



Show Comments