If there’s one thing that Zoom has taught me over the past year, it’s that cybersecurity will only ever be more important from here on out.
In an email sent recently from Drexel’s Office of the President, John Fry made us aware of two Zoom-bombing incidents that occurred last week. For those who aren’t familiar with the recently minted term, “Zoom-bombing” refers to the action of joining a meeting without the host’s permission, and in this case it was used to spread “racial slurs and symbols of hate.”
A webpage, linked in the same email, lists a number of strategies that can be used to prevent or mitigate these events. I recommend anyone who hasn’t seen this list read it for themselves on Drexel’s IT website under the heading “Zoombombing.”
Cybersecurity is something that IT people have been dealing with for decades now, but there’s a major difference between wiping a hard drive because someone got in contact with a Nigerian prince and preventing hate crimes on minimum-security meetings—that is to say, protecting the school gets a lot more complicated when the school exists on the university population’s 30,000-ish personal computers.
This event demonstrates a struggle of the modern age: How do you get your employees to follow proper security protocol when 1) they’re hosting at least three meetings per person per workday and 2) that protocol is boring.
With all due respect to the professors of Drexel University, the only reliable way to prevent unauthorized access is to make unauthorized access quite literally impossible.
People can only get into properly set-up Zoom meetings if they obtain the meeting info, the password and the host lets them in. If the host forgot to set their meeting up correctly, they might just need the meeting info. Zoom is, at its core, not designed with security in mind, just convenience.
Do you want your meetings to be secure under every circumstance? Use a different program, one without the option to have less security.
Surprisingly, Drexel already has a solution to this. Unsurprisingly, they’ve chosen not to use this solution.
BlackBoard Learn—Drexel’s online class system that’s been in use for multiple years now—already has a secure, integrated meeting system that is only accessible to students officially enrolled in that class, called BlackBoard Collaborate. There is no way to access a Collaborate session without either teaching, assisting or being enrolled in that respective class.
The drawbacks of Collaborate are that guests, both attendees and speakers, are unable to join, and that sometimes the features of the program take a bit longer to load than they would on Zoom.
I’ve never had a major issue with Collaborate, and I’ve only ever had one guest attendee and one guest speaker in any class session in the 20 online classes I’ve taken.
So why doesn’t Drexel make Collaborate mandatory, and eliminate any threat of Zoom-bombing altogether? Why do they instead send out lists of rules that my professors still disregard completely?
Of course, why does Drexel do anything?