Re: Zoom Communication

[Eric Lukens <eric.lukens () UNI EDU>]

We've had the usual messages go out regarding best practices for Zoom (and
we set the defaults the way we wanted them). However, there were still some
users and VIPs that were worried about how we could trust Zoom at all,
given the negative Zoom-related content in the media. To have a pre-done
response for them, I wrote the following:

https://it.uni.edu/updates/zoom-security-update

Though it wasn't my original intention, this document got published on the
web and the link sent in our university's weekly newsletter to all faculty,
staff, and students. The first draft was actually a response to a concerned
user in our helpdesk solution.

To be clear, this is not a how-to guide for Zoom. I tried to do the
following while not getting too technical, using simple language, and
maintaining a first-person, narrative tone:

   1. Cover sensationalism regarding Zoom security, especially things out
   of Zoom's control.
   2. Cover many of the actual security problems that were in the media,
   why these issues may have been overblown, and what Zoom did to fix them.
   3. Give a couple examples of similar or worse security problems by other
   tech companies to provide context.
   4. Give a very high-level overview of the risks we all accept when using
   various technologies.
   5. Since I have a new audience, also cover some basic computer security
   concepts.

I hoped that readers would have some new confidence in using Zoom. It is a
little long, but the goal of this document is to convince these users that
we are taking things seriously, paying attention to their concerns, and
still have confidence in Zoom as a solution.

The webpage is considered a "living" document that may be updated with new
information regarding Zoom as appropriate. So if you spot additions,
corrections, etc. that you think should be in there, feel free to let me
know.

For the EDUs out there, if you want to adapt the content to your users,
attribution to "Eric Lukens, an IT Security Compliance & Policy Analyst at
the University of Northern Iowa" would be appreciated, but is not required.

-Eric

On Wed, Apr 15, 2020 at 12:09 PM Kevin C. Kelly <kck () ias edu> wrote:

> Hi Everyone,
>
> Much like other institutions across the country/world, we published some
> recommended guidelines for our users to follow.
>
> https://www.ias.edu/computing/services/zoom-privacy-and-security
>
> We keep an eye on the information Zoom is providing and update this
> information as needed.
>
> Thanks and stay safe everyone!
>
> Kevin
>
> IT Manager, School of Mathematics
> Institute for Advanced Study
> 1 Einstein Drive
> Princeton, NJ 08540
> USA
> On 4/15/20 11:53 AM, Pete, Andrew wrote:
>
> Hi Everyone,
>
>
>
> I have a question for those institutions who are utilizing Zoom.  How are
> you handling security and privacy concerns brought by users in light of all
> the press?  I’m interested in how you are handling things overall and
> specifically if you have sent out any communications to reassure users?  If
> you have sent a communication, would you be willing to share it?
>
>
>
> Thanks,
>
>
>
>
>
> *Andrew Pete*
>
> *Information Security Architect*
>
>
>
> *New England Institute of Technology*
>
> One New England Tech Boulevard
>
> East Greenwich, RI 02818-1205
>
> 401-780-4460 (Direct)
>
> apete () neit edu
>
>
>
> *[image: NEIT_Full_Stack_H_White_BG_PNG1]*
>
>
>
>
>
> **********
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
>
> **********
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community


-- 
============================================================
Eric C. Lukens       IT Security Compliance & Policy Analyst
Information Security          Innov Teaching & Tech Ctr 117D
University of Northern Iowa       Cedar Falls, IA 50614-0301
(319) 273-7434                 http://sites.uni.edu/elukens/
============================================================

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community