Security Buyer Editor, Rebecca Spayne, catches up exclusively with Jason Lee, Chief Information Security Officer at Zoom
Zoom has become everybody’s go to platform for virtual meetings in the new working world. How do you differ from other platforms for example, Slack, Google or Microsoft?
At Zoom, we enable our customers to express themselves, connect with others, and create a future that is limited only by their imagination. We have been pioneers since the beginning as our seamless communication platform was the first to use video as its foundation, and that culture of innovation has been driving the company forward ever since. As a result, we are an easy-to-use, scalable and secure option for huge corporations, small businesses, and individuals alike.
What are the main cyber risks that platforms like Zoom are exposed to? And how do you mitigate these risks?
The security threat landscape is always evolving, and attacks are becoming increasingly sophisticated. We must be constantly aware of the wider threat landscape so we can keep Zoom and its customers protected. Currently some of the biggest security challenges posed involve supply chain attacks, and the risks associated with third-parties.
We are acutely aware of the dangers of third-party software running on our networks and take precautions to guarantee we clearly understand what is on our network and in our product. We are always on the lookout for new ways to keep our networks up to date, patched, and fully monitored. Our Bug Bounty programme is also going from strength to strength and allows us to ensure that our products are sufficiently protected by enlisting the support of the ethical hacker community to find and report bugs and vulnerabilities.
How does Zoom respond to reports of abuse?
At Zoom, we approach each report of abuse with the utmost respect and sensitivity. Users have a number of tools available to secure their meetings and report inappropriate activity. Reports are actioned and can be sent to the Zoom Trust and Safety team to evaluate any misuse of the platform, blocking users or reporting to the appropriate authorities if necessary. Participants can report live during a meeting, or retrospectively for past meetings, using a quick and efficient process. Users are even able to report abusive behaviour that is related to Zoom but happened outside of a Zoom meeting, webinar or event.
Our internal processes have evolved over time. While all reports of abuse used to come in a single queue, we now have a scaled operation which operates on a multi-level, systematic approach, with different types of reports handled in order of priority. We have also streamlined our dashboard that collects reports in one place, displays all the information needed to make a decision quickly, and generates meaningful data for us to learn and refine our own processes.
What are your internal policies and community standards around reporting?
Our internal policy is based upon a three-tiered review system which guides our decisions around Community Standards and Terms of Service infractions. This system both complies with the law and delivers safety and happiness to our users. After receiving a report, Zoom’s dedicated Trust and Safety team examines it to see whether any of our Terms of Service or Community Standards have been violated.
For challenging reports, we’ve built a formalised escalation and review process. Our four-tiered review system ensures that each report gets the attention and care it deserves, allowing us to create an experience that is as open and diverse as it is free of harmful or malicious behaviour to our users.
To read the full interview, please see our IFSEC May issue here.
Media contact
Rebecca Morpeth Spayne,
Editor, Security Portfolio
Tel: +44 (0) 1622 823 922
Email: editor@securitybuyer.com
