A lot of law firms are realising that Zoom meetings can be a useful way of conducting team meetings, client discussions and generally getting things done from remote workspaces.
But with that realisation should come a degree of concern – are our conversations safe, and what steps can we take to ensure that client confidentiality is maintained?
Bear in mind we’re not just talking about hackers here. We’re talking about people hearing discussions they shouldn’t, and information being shared when it ought not.
Read on to find my top tips for law firms to ensure that their confidential discussions don’t end up on YouTube somewhere along with your firm credit card details.
But First – Credit Where Credit is Due
Zoom had no way of predicting that large parts of the world were about to start working from home, and that its infrastructure was about to get tested in a massive way.*
So I have to tip my hat to them for rising to this challenge.
Not only has the strength of their systems been stretched, but every nook and cranny of security is getting put through its paces.
Zoom, to their credit, has rightly paused feature development to lock down its security and privacy measures and I’m sure its team are working around the clock.
So while they’re doing their part, it’s our turn not to just do stupid stuff that leaves us vulnerable.
*Unless, of course, Zoom started the whole thing to increase their revenue.
Step 1 – Someone Has to Pay Attention
Every single Zoom meeting needs to have a “host” – someone with all the nice, clicky buttons to control who is there and what they’re doing.
But, more importantly, every Zoom meeting needs someone to be in charge of what’s going on – specifically, the participants and the chat.
Now I know that partners in law firms like to “run” meetings, but if you actually don’t know how to use a computer, then perhaps this person shouldn’t be you.
Given that the most simple security breaches involve someone just guessing your meeting ID, joining the meeting and sharing spammy phishing links in the chat – someone paying attention would probably solve 95% of these problems.
Step 2 – Entry and Exit Tones
To help person 1 pay attention, set your Zoom meeting to have entry and exit tones so you know if somebody has joined or left the meeting.
In Settings → In Meeting (Basic) you’ll find this:
Step 3 – Everyone Needs a Name
Do not let people log in anonymously with their phones – make people have a name. This, again, avoids the anonymous individual joining the meeting and ruining your day.
So if the person in charge sees a number – change it to a name, or make the person do it.
Better yet, change your settings so they have to in the first place.
Step 4 – Don’t Use the Personal Meeting Room Every Time
It’s tempting to simply use the “personal meeting room” when you schedule a meeting, as it saves people having to use their brains.
However, it also makes your meeting more vulnerable. But having the same meeting ID every time, if somebody figures it out (just by random luck normally) it’s easier for them to then log in to every future meeting, especially if you don’t take steps to lock it down.
Also, if you don't lock your meeting it avoids the problem of other team members joining at inappropriate times (like an HR meeting, for example).
So take the time to schedule a meeting and use a unique meeting ID when you do.
Step 5 – Passwords for Meetings
As of a recent update, Zoom is now automatically requiring passwords for people who join a meeting by ID only, which is good news. Even better, if you join from the invitation link directly you don’t have to enter it – so it’s a win/win.
But check your settings anyway – passwords (even simple ones) are a good idea for any meeting.
Step 6 – Lock the Meeting
If you happen to be in the 4% of law firms where everybody actually turns up to the meeting on time, it’s a good idea to lock the meeting so that nobody else can join. It’s a simple click of a button, and well worth the extra comfort.
Step 7 – Use the Waiting Room Function
As of their recent update, Zoom is enabling this by default. Basically, if people join you can set it so they have to wait before they are allowed in the meeting. This helps the host ensure that only the right people are in the right meetings.
You’ll find this in Settings → In Meeting (Advanced).
Step 8 – Announce Links
If you have chat enabled, make it a general rule that anybody who is about to share a link in the chat says out aloud that they are doing so, and what that link is. An expected, known link from a known person is a much lower risk than “Steve” sharing a link in the chat.
Step 9 – Understand the Platform
As with all technology, lawyers are their own worst enemies sometimes. It is ignorance, not technology or malice, that causes most confidentiality breaches.
This one is easy to fix: get to know the platform.
Zoom has within it many features and options that will give you greater control over and protection for your meetings – USE THEM.
But you can’t use them if you don’t take the time to properly learn how to use the platform.
So once again – allocate somebody to find out what the heck is going on, what you can and cannot do with the platform, and to provide some recommendations to your team.
Now, Go Boldly Into the Brave New World of Zoom Meetings
OK I get that Zoom is new and exciting for some, but truthfully all of this is just common sense.
Don’t get overwhelmed by the fact that it’s a new tool with lots of buttons – just apply the same sensible decision making that you’ve already told your insurer you’re doing anyway.
While Zoom will continue to implement new measures to protect even the greatest luddites amongst us, a few simple steps will usually keep the vast majority of your discussions safe and sound without having to go completely troppo.