ISSN: 2182-2069 (printed) / ISSN: 2182-2077 (online)
A Security Framework for Addressing Privacy Issues in the Zoom Conference System
The COVID-19 pandemic had a significant impact on many facets of human behavior. Most significantly, it required significant changes to how daily activities were conducted. The majority of individuals were forced to work and communicate from home due to social distancing, which opened the door for more virtual meetings. Since most organizations started allowing their employees to work from home, the majority of online meeting platforms—like Zoom and Microsoft Teams—have become more and more popular. Online meetings were not only used by businesses but also by educational institutes to carry out online learning, hospitals to conduct meetings and certain surgeries, and many other industries. The online meetings are practical and simple to organize, but their information security is not as high as that of conventional meetings. Security and privacy issues resulted from this. The safety of personal information such as names, contacts, and locations, the security of online recordings since sensitive information was discussed in most meetings, the security of data while it was in transit, and the potential for competitors to intercept your business were among the many security issues that were raised. Zoom, as one of the famous online conference systems, faced many global concerns, such as sharing private information with third parties, exposing users to unauthorized bullying calls, and adopting questionable end-to-end encryption processes. Additionally, companies have had virtual meetings hacked, leading to privacy issues since hackers can obtain data illegally. Therefore, this research proposes a security framework to address the privacy issues in the Zoom system by applying a set of governance and technical controls. The governance controls provide a strategic view of how an organization controls its security while implementing the technical controls avoids privacy issues in online conference systems. The proposed framework implements a set of technical controls such as encryption, auditing, authentication, and role-based access control. The results were promising and significantly addressed Zoom's privacy issues.