Zoom Cybersecurity: Even the Baltimore Ravens Are Talking About It

When you read about Zoom and cybersecurity on ESPN, you know this has turned into one of the hottest tech topics of the pandemic.

Baltimore Ravens and John Harbaugh talking cybersecurity

NFL teams are starting spring conditioning in virtual sessions, and everything from top secret playbooks to confidential meetings must happen virtually at this point.

Ravens head coach John Harbaugh is concerned about cybersecurity and the business risk of doing things this way. 

According to ESPN.com:

Harbaugh has immediately texted the Ravens' information technology members when he's read about Zoom or other online resources getting hacked. He's been assured that everything is secure, but he reminds them about how other companies believed the same before their customers' accounts were compromised.

"It's a big concern," Harbaugh said during the Ravens' pre-draft news conference. "Hopefully we'll be OK. I really wouldn't want the opposing coaches to have our playbook or our draft meetings. That would be preferable, if we can stay away from that."

Update: Zoom-bombing is crime

Hopefully, Harbaugh has seen recent promises from Zoom's CEO that the company is redirecting all of its engineers from product development to focusing only on privacy and cybersecurity.

And what about Zoom-bombing, where someone joins your Zoom meeting without authorization and can watch. And in many cases these people do something inappropriate and disruptive.

The U.S. Department of Justice warned those who have been Zoom-bombing:

"You think Zoom bombing is funny? Let's see how funny it is after you get arrested," stated Matthew Schneider, United States Attorney for Eastern Michigan. "If you interfere with a teleconference or public meeting in Michigan, you could have federal, state, or local law enforcement knocking at your door."

Schneider says possible charges include disrupting a public meeting, computer intrusion, using a computer to commit a crime, hate crimes, fraud, or transmitting threatening communications. All of these charges are punishable by fines and imprisonment. 

Tips to avoid Zoom-bombing

The U.S. Attorney's office also issued a list of best practices to help keep your Zoom meeting secure. Here it is:

• Do not make the meetings or classroom public. In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature and control the admittance of guest.
• Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post. Provide the link directly to specific people.
• Manage screensharing options in Zoom, change screensharing to "Host Only."
• Ensure users are using the updated version of remote access/meeting applications. In January, 2020, Zoom updated their software. In their security update, the teleconference software provider added passwords by default for meetings and disabled the ability to randomly scan for meetings to join.
• Lastly, ensure that your organization’s telework policy or guide addresses requirements for physical and information security.

Baltimore Ravens GM on Zoom: safer than printouts

ESPN asked Ravens General Manager Eric DeCosta about coach Harbaugh's tech concerns, including Zoom.

"I have more confidence in Zoom than I do in Ozzie [Newsome, executive vice president], John, Steve [Bisciotti, owner] and Dick [Cass, team president], with a copy of our draft board that they just leave in the car on their front seat or something like that," DeCosta said.

Well, it's hard to argue with that one.

Related Zoom resources:
Zoom Sued Over Privacy, Promises Cybersecurity Upgrades
How to Guard Against Zoom-Bombing